The application I'm working on has a mailing function. When I tried sending a mail more than an hour after logging in, I was greeted with an error. The access token expired, forcing you to log in again.
But how do I refresh the access token? I know that I first have to check if the token has expired, then send a request with the refresh token and lastly save the access token that is returned.
I have now created a middleware and applied it to a route in web.php, like this:
    Route::get('create', 'EmployeeController@create')
        ->middleware('refresh');
Then in the middleware I have the following code:
    public function handle($request, Closure $next)
    {
        dump(session('user'));
        $client = new Google_Client();
        $client->setAccessToken(['access_token' => session('user')->token, 'expires_in' => session('user')->expiresIn]);
        $_SESSION['token'] = $client->getAccessToken();
        $client->setAccessToken($_SESSION['token']);
        if ($client->isAccessTokenExpired()) {
            echo "expired";
        } else {
            echo "not expired";
        }
        return $next($request);
    }
I'm aware that this doesn't do anything even close to what I want. But when I log in it always seems to echo 'expired', even when I have just logged in. I think that's because I haven't specified an expiration datetime, but I don't know how to set one, seeing as Socialite only supports these basic functions:
    $token = $user->token;
    $refreshToken = $user->refreshToken; // not always provided
    $expiresIn = $user->expiresIn;
The closest question I could find to my problem was this: How can I manage OAuth refresh tokens with Laravel? It tells me to add offline access, like this:
    return Socialite::driver('google')->scopes([ 'email', 'profile', 'https://www.googleapis.com/auth/gmail.compose' ])
        ->with(["access_type" => "offline", "prompt" => "consent select_account"])
        ->redirect();
This doesn't really help me though, as I don't know what to do from there on out, or if it's even really necessary.
I wouldn't be surprised if I missed something obvious or did something incredibly stupid, but I'm really hitting a wall here.
Edit: I now realize that instead of Socialite I should probably use the Google API, since I used that to log in in the first place. I now have the following code:
    public function handle($request, Closure $next)
    {
        dump(session('user'));
        $client = new Google_Client();
        $client->setAccessToken(['access_token' => session('user')->token, 'expires_in' => session('user')->expiresIn]);
        $client->setAccessType('offline');
        $refreshToken = Auth::User()->remember_token;
        $token = session('user')->token;
        $client->revokeToken();
        $client->refreshToken($refreshToken);
        $newToken = $client->getAccessToken();
        echo "old token: <br>" . $token . "<br> New token: <br>";
        print_r($newToken);
        echo "<br> refreshToken: <br>" . $refreshToken . "<br>" . "client accestoken: <br>";
        session('user')->accessToken = $newToken;
        print_r(session('user')->accessToken);
        dump($client);
        return $next($request);
    }
However, the access token doesn't change. Why not?
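
The three steps listed in the question (check expiry, exchange the refresh token, save the result), as an added example that is not part of the original post. `Google_Client::isAccessTokenExpired()` works from the token's `created` and `expires_in` values, so this sketch stores `created` with the token; `ensureFreshToken()`, the `$refresh` callable and the sample values are hypothetical, and the stub stands in for a call such as `$client->fetchAccessTokenWithRefreshToken($refreshToken)`.

```php
<?php
// Added example, not the asker's code. Key names follow Google's token arrays.

/**
 * Return a usable token array, refreshing it first when it is (nearly) expired.
 * $refresh is a hypothetical callable: given a refresh token it returns the
 * token endpoint's decoded JSON response. In a Laravel middleware it could wrap
 * $client->fetchAccessTokenWithRefreshToken($refreshToken).
 */
function ensureFreshToken(array $token, callable $refresh, ?int $now = null, int $skew = 30): array
{
    $now = $now ?? time();
    // Without 'created' the expiry time cannot be computed, so treat as expired.
    $expiresAt = ($token['created'] ?? 0) + ($token['expires_in'] ?? 0) - $skew;
    if ($expiresAt > $now) {
        return $token; // still valid, nothing to do
    }
    if (empty($token['refresh_token'])) {
        throw new RuntimeException('No refresh token stored; user must log in again');
    }
    $new = $refresh($token['refresh_token']);
    if (isset($new['error']) || empty($new['access_token'])) {
        throw new RuntimeException('Refresh failed: ' . ($new['error'] ?? 'no access_token'));
    }
    // Refresh responses usually omit refresh_token, so carry the old one over.
    $new['refresh_token'] = $new['refresh_token'] ?? $token['refresh_token'];
    $new['created'] = $new['created'] ?? $now;
    return $new;
}

// Constructed sample data: a token issued two hours ago with a one-hour lifetime.
$now = 1700007200;
$stored = [
    'access_token'  => 'old-access-token',
    'refresh_token' => 'sample-refresh-token',
    'expires_in'    => 3600,
    'created'       => $now - 7200,
];
// Stub standing in for the call to Google's token endpoint.
$stubRefresh = function (string $refreshToken): array {
    return ['access_token' => 'new-access-token', 'expires_in' => 3600];
};

$fresh = ensureFreshToken($stored, $stubRefresh, $now);
echo $fresh['access_token'], PHP_EOL;
echo $fresh['refresh_token'], PHP_EOL;
$again = ensureFreshToken($fresh, $stubRefresh, $now + 60);
echo $again === $fresh ? 'reused' : 'refreshed', PHP_EOL;
```

Persist the whole returned array, `created` included, wherever the session token is kept, and keep access and refresh tokens out of page output and logs.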