0

I am using v3 of the php google calendar api.

After the calendar owner authorizes i save the access_token with the refresh token in the database.

When the calendar page is displayed by anyone i have this little bit of code that works

$client = new apiClient();
$client->setApplicationName("My Calendar");
$client->setAccessType('offline');
$client->setAccessToken( $_SESSION['google']['access_token'] );
$calService = new apiCalendarService($client);
$optParams = array('timeMin' => $gstart, 'timeMax'=> $gend);
$events = $calService->events->listEvents($_SESSION['google']['google_cal_id'], $optParams);

I have seen in the doc that at some point i may have to use the refresh token(which i have in the database.) What i do not know is how to use this token and when. Will setAccessToken thrown an exception at some point? What is the best way to test this as well Thanks

randy
  • 1,685
  • 3
  • 34
  • 74

2 Answers2

2

The refresh token is used if you want to keep the authentication active without the user reauthenticating. For example, we have a reporting tool using google analytics api. I need to run queries on it every 10 minutes, so once the user authenticates our app I use the refresh token so that my automated queries can run even when the user is not logged in. Basically the refresh token is used to keep the session alive without user interaction. I hope that makes sense.

user1289347
  • 2,397
  • 1
  • 13
  • 16
  • so do you do it each time? Here is where i am confused, if it get the accesstoken from the db (the entire JSON which includes the refresh-token) and $client->setAccessToken( $_SESSION['google']['access_token'] ); it works even if the user is a visitor not logged in or authenticated – randy Aug 17 '12 at 19:00
  • yes but eventually the access token will expire. So if you wanted to be able to use the token in a year from now you would not be able to. In that case you would periodically have to use the refresh token to keep the access token from expiring. – user1289347 Aug 17 '12 at 19:05
  • so what fails when the access token expires? --> $client->setAccessToken( $_SESSION['google']['access_token'] ); Is there an example on how to do this? I assume that the refresh token returns a new access token and I replace what i have in the DB with the new one? I guess the one part i am struggle with is the "periodically". I do not want to get a new one each time, i am thinking this would be really in-effecient. Thanks for your help – randy Aug 21 '12 at 15:19
  • see this page here https://developers.google.com/accounts/docs/OAuth2WebServer especially the section about offline access. There are also code examples available for multiple languages. – user1289347 Aug 21 '12 at 19:14
2

The access token expires in 3600s or one hour. But you can use refresh token to get a new access token without user re-authenticate.

For details on how to get refresh token using php, check out the accepted answer in this post: Automatically refresh token using google drive api with php script

If you use the REST API instead of the PHP SDK, it's basically sending your refresh token, client_id, secret to https://accounts.google.com/o/oauth2/token as described at the bottom of the page here

Refresh token does NOT expire unless user revoke it or you programmatically revoke it.

Community
  • 1
  • 1
user1297061
  • 1,531
  • 2
  • 13
  • 15