0

I'm making web app using google calendar api.

In this app, I request user to authorize Google Calendar Access with Google Oauth2 on register.

My problem is a token returned has expires in 1 hours, so users have to authorize everytime.

I understand I can't change expire time in Google API.

My question is how can I keep oauth token active?

Do I have to make cron updating token with refresh token?

thanks,

kazuwombat
  • 1,515
  • 1
  • 16
  • 19
  • If you have the refresh URI, why not do what Google's client libraries do - attempt to refresh if expired, and raise / reprompt if no access is obtained. – tehhowch Sep 17 '18 at 18:11
  • Thank you techhowch. You mean Google client libraries automatically update token? – kazuwombat Sep 18 '18 at 02:04
  • I use this library https://github.com/zquestz/omniauth-google-oauth2 with rails It means client library automatically update token with application process background, even if user doesn't access application for long time? > handle refresh for you when the access token is no longer valid – kazuwombat Sep 18 '18 at 04:01
  • That is not one of Google's client libraries – tehhowch Sep 18 '18 at 10:43
  • ah sorry, I use this one https://github.com/googleapis/google-api-ruby-client – kazuwombat Sep 18 '18 at 14:14
  • similar post here https://stackoverflow.com/questions/21707734/refresh-token-using-omniauth-oauth2-in-rails-application – kazuwombat Sep 18 '18 at 14:33
  • 1
    If you have specific language and client libraries of relevance, consider adding those tags to your question to help your question find the correct audience. – tehhowch Sep 18 '18 at 14:35

2 Answers2

0

I've found docs about auto on java

https://developers.google.com/api-client-library/java/google-api-java-client/oauth2

An access token typically has an expiration date of 1 hour, after which you will get an error if you try to use it. GoogleCredential takes care of automatically "refreshing" the token, which simply means getting a new access token

I'm wondering Ruby also has the auto update.

https://developers.google.com/api-client-library/ruby/auth/web-app#exchange-authorization-code

After a user grants offline access to the requested scopes, you can continue to use the API client to access Google APIs on the user's behalf when the user is offline. The client object will refresh the access token as needed.

kazuwombat
  • 1,515
  • 1
  • 16
  • 19
0

Finally, I get answer by asking on Github issue

https://github.com/googleapis/google-api-ruby-client/issues/719

kazuwombat
  • 1,515
  • 1
  • 16
  • 19