0

I am creating a service where people will send emails to this one email account and this email account will regularly poll for new emails. The problem that I am having is that I will need to authenticate my email account and allow my service to call Google APIs to read it's mail box.

I was wondering if it would be alright to just authenticate myself once before deploying the service and then storing the access and refresh tokens in a database and then using those tokens to make the API calls. Are there any foreseeable problems such as the tokens expiring?

And if there are, do you have any suggestions on making API calls to the account without me having to login to the account to authenticate myself?

Ruben Lopez
  • 704
  • 7
  • 18
developer
  • 45
  • 5
  • If you haven't seen it yet, here is a [documentation](https://developers.google.com/gmail/api/auth/about-auth) that will lead you to a step by step process on how to authorized your app with Gmail. You can check [here](https://developers.google.com/gmail/api/auth/web-server#exchange_the_authorization_code_for_an_access_token) that you can exchange your server's one-time authorization code for an access token. This access token is passed to the Gmail API to grant your application access to user data for a limited time. For further info, https://developers.google.com/identity/protocols/OAuth2 – MαπμQμαπkγVπ.0 Aug 06 '18 at 07:08
  • I saw that before, do you know if the Google Refresh tokens have an expiration time? – developer Aug 06 '18 at 16:35
  • See this https://stackoverflow.com/questions/8953983/do-google-refresh-tokens-expire – MαπμQμαπkγVπ.0 Aug 07 '18 at 02:56

1 Answers1

0

What you are wondering is correct. As you are getting a refresh token, you are asking for offline access which means you want make API calls on behalf of the user when is not present.

Access tokens have an expiration time, refresh tokens don't. However, there are some scenarios where refresh tokens could be revoked (and you need to handle them). So you have to use access tokens to make API calls and refresh tokens to generate new access tokens (when those have expired).

Ruben Lopez
  • 704
  • 7
  • 18