3

I have created a project with Google OAuth2 credentials for use with Google calendar.

However the access toke expires in every 1 hour.

Can someone please help me change the expire time to 1 day.

I have use this code to access the google calendar events:

$client = new Google_Client();
$client->setApplicationName("Client_Library_Examples");
$client->setClientId($client_id);
$client->setClientSecret($client_secret);
$client->setRedirectUri($redirect_uri);
$client->setAccessType('offline');
$client->setScopes(array('https://www.googleapis.com/auth/calendar'));

if (isset($_GET['code']))
    $google_oauth_code = $_GET['code'];
    $client->authenticate($_GET['code']);  
    $_SESSION['token'] = $client->getAccessToken();
    $_SESSION['last_action'] = time();
}
Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449

1 Answers1

7

There are some things you need to understand about Oauth2. Access tokens are short lived they only last for one hour this is the way they work and you can not change that.

What you should be doing is storing the refresh token returned by the authentication process when you set the following.

$client->setAccessType('offline');

By using the refresh token you can request a new access token. This example might help it appears to show how to set the access token when it has expired. upload example

probably something along this lines. 

    $client = new Google_Client();
    $client->setApplicationName(APPNAME);       
    $client->setClientId(CLIENTID);             // client id
    $client->setClientSecret(CLIENTSECRET);     // client secret 
    $client->setRedirectUri(REDIRECT_URI);      // redirect uri
    $client->setApprovalPrompt('auto');

    $client->setAccessType('offline');         // generates refresh token

    $token = $_COOKIE['ACCESSTOKEN'];          

    // if token is present in cookie
    if($token){
        // use the same token
        $client->setAccessToken($token);
    }

    // this line gets the new token if the cookie token was not present
    // otherwise, the same cookie token
    $token = $client->getAccessToken();

    if($client->isAccessTokenExpired()){  // if token expired
        $refreshToken = json_decode($token)->refresh_token;

        // refresh the token
        $client->refreshToken($refreshToken);
    }

    return $client;
}
Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
  • In my case, when I set accessType to "offline" some changes made to calendar (like add a Calendar for example) won't be sync with the users right away, is there another way to refresh/extend the token for a bit longer? – Paulo Lima Mar 24 '17 at 12:07
  • 1
    No. You can not change the fact that an access token expires after one hour. You need to use the refresh token to request a new access token this is your only option. – Linda Lawton - DaImTo Mar 24 '17 at 12:12
  • 1
    Thanks DalmTo. "refreshToken" is working fine for my project now. Thanks again. –  Mar 24 '17 at 15:11
  • Hi Paulo Lima, Check this link: "https://myaccount.google.com/u/0/permissions", and remove you old access with the project. then the refresh token will work. –  Mar 24 '17 at 15:18
  • I realize this is a noob comment, but I was confused for a while about access tokens vs id tokens. Interestingly, id tokens from the google one tap sign in ALSO have a expiration of one hour, but the expectation is to use "Automatic Sign In" https://developers.google.com/identity/gsi/web/guides/automatic-sign-in-sign-out Hopefully this helps someone in the future. – Saltymule Dec 22 '22 at 11:36
  • Id tokens are used for Signin and valid for about five minutes i think, Consider it your birth Certificate it proves you are you. While an access token is more like a drivers license it says you are allowed to drive a car. – Linda Lawton - DaImTo Dec 22 '22 at 14:33