Upload file via PHP to Google Drive using API no consent screen

Question

Following the steps in this tutorial, I was able to upload a file to my Google Drive via API, the priority is to upload it without the user doing the confirmation of consent.

How do I authorise an app (web or installed) without user intervention? (canonical ?)

However, I noticed that the Refresh Token has to be updated every time and for this reason, I looked for another solution to send files without the consent screen being sent to the user.

http://ben.akrin.com/?p=2080

In the first hours everything went well, however, now it does not return TOKEN and consequently no longer carries the upload.

<?php

function get_access_token( $force_refresh=false ) {
    global $client_id, $client_secret, $refresh_token, $verbose ;

    if( $verbose ) { echo "> retrieving access token<br />" ; }

    $token_filename = "/tmp/access_token_" . md5( $client_id . $client_secret . $refresh_token ) ;
    $access_token = "" ;

    if( !file_exists($token_filename) || $force_refresh===true ) {

     // no previous access token, let's get one
     if( $verbose ) { echo ">   getting new one<br />" ; }

     $ch = curl_init();
     curl_setopt( $ch, CURLOPT_URL, "https://accounts.google.com/o/oauth2/token" ) ;
     curl_setopt( $ch, CURLOPT_PORT , 443 ) ;
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ) ;
     curl_setopt( $ch, CURLOPT_POST, 1 ) ;     
     curl_setopt( $ch, CURLOPT_POSTFIELDS, "client_id={$client_id}&client_secret={$client_secret}&refresh_token={$refresh_token}&grant_type=refresh_token" ) ;
     curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 ) ;
     curl_setopt( $ch, CURLOPT_HEADER, true ) ;
     curl_setopt( $ch, CURLOPT_HTTPHEADER, array("Content-Type: application/x-www-form-urlencoded") ) ;
  
  echo "Curl error: " . curl_error($ch) . "<br />";

     $response = curl_exec( $ch ) ;
     $response = parse_response( $response ) ;

     // todo: make sure that we got a valid response before retrieving the access token from it

     $access_token = json_decode( $response["body"] ) ;
     $access_token = $access_token->access_token ;
     file_put_contents( $token_filename, $access_token ) ;
 } else {

  // we already have something cached, with some luck it's still valid
     $access_token = file_get_contents( $token_filename ) ;
     if( $verbose ) { echo ">   from cache<br />" ; }
 }

 if( $access_token=="" ) {
  echo "ERROR: problems getting an access token<br />" ;
  exit( 1 ) ;
 }

    return  $access_token ;
}

?>

Is it possible to integrate my application with Google Drive without the consent screen and without the need to always renew this TOKEN?

Answer 1

I wrote the answer you referred to.

You've misunderstood what a refresh token is. Once you have a refresh token you should store it securely and reuse it whenever you want an access token. The refresh token does NOT expire - well not usually, see below. So when you say "I noticed that the Refresh Token has to be updated every time", that isn't true.

You will normally only get a refresh token the first time it is requested. Subsequent requests will return a null. The user will need to revoke authorization and re-authorize to get another token. But again, you should store the first refresh token you get and reuse that indefinitely.

On expiring refresh tokens... Whereas a refresh token is very very long lived, they are sometimes expired by Google. One situation (I believe from hearsay) is that tokens can be expired if the user changes his password. This would make sense since a stored refresh token is roughly analogous to a stored username/password. I've also seen tokens expire for no apparent reason, 6 months or so after being created.