3

Google API expiration date is 1 hour. The problem is that I'm using the API in order to allow users to use admin SDK features (list groups, add members to a group, etc.).

No one can do any of that in one hour; that would require users to log in to their accounts multiple times per day to manage their groups. A 1 hour expiration date is good if you just want to use Google to authenticate users.

How can I increase that, or is there any workaround? Am I missing something?

Lynob

2 Answers

7

Due to security reasons, you cannot change the duration of the access token's expiry. However, you can refresh an access token without prompting the user for permission if you requested offline access to the scopes associated with the token.

  • If you use a Google API Client Library, the client object refreshes the access token as needed as long as you configure that object for offline access.
  • If you are not using a client library, you need to set the access_type HTTP query parameter to offline when redirecting the user to Google's OAuth 2.0 server. In that case, Google's authorization server returns a refresh token when you exchange an authorization code for an access token. Then, if the access token expires (or at any other time), you can use a refresh token to obtain a new access token.
Jacque
  • If I just do `$client->setAccessType('offline')` like here https://developers.google.com/admin-sdk/directory/v1/quickstart/php, everything should work fine? – Lynob Nov 20 '18 at 11:24
  • May I use the token in other parts of the app? Say I store it in mysql, and it expires, and then the user decides to visit the app 4 hours from now, I call google's client using the token that is stored in my db, does it recognize that it's an old token and refreshes it? – Lynob Nov 20 '18 at 13:16
  • `$client->setAccessType('offline')` should work. After a user grants offline access to the requested scopes, you can continue to use the API client to access Google APIs on the user's behalf when the user is offline. The client object will refresh the access token as needed. – Jacque Nov 20 '18 at 23:36
0

You cannot increase the expiration time for access_code.

However, you can generate a new access token if the current access token expires!

  1. First get the authentication code.
  2. Get refresh_token from google using authentication code.
  3. Get access_token using refresh_token when it expires.

I assume that you have the authentication code. If you do not have the code then here is an article on how you can integrate oauth to your react app and get the authentication code from google. You can check this out for more details.

Generating refresh and access token:

Replace the essential values (code, client_id, client_secret) inside payload.

```typescript
import axios from 'axios';

// Exchange the authorization code for an access token and a refresh token.
const payload = {
  grant_type: 'authorization_code',
  code: '****SFJSDFJKAN-DF',
  client_id: '******.googleusercontent.com',
  client_secret: 'GOCS*******m5Qzg',
  redirect_uri: 'http://localhost:3000',
};

axios
  .post('https://oauth2.googleapis.com/token', payload, {
    headers: {
      'Content-Type': 'application/json',
    },
  })
  .then((res: any) => {
    return res.data;
  })
  .then((response: any) => {
    // The response body carries access_token, refresh_token and expires_in.
    console.log('refresh token: ', response);
  })
  .catch((err) => console.log('err: ', err));
```

You will get a response like this:

```
{
    access_token: "********KAjJZmv4xLvbAIHey",
    expires_in: 3599,
    id_token: "***************VeM7cfmgbvVIg",
    refresh_token: "***************VeM7cfmgbvVIg",
    scope: "https://www.googleapis.com/auth/gmail.readonly openid 
            .....
            .....
            https://mail.google.com/",
    token_type: "Bearer",
}
```

Save your refresh and access tokens. Now you can use the refresh token to generate a new access token!

Generate new access token from refresh token.

```typescript
import axios from 'axios';

// Use the stored refresh token to request a new access token.
const payloadForAccessToken = {
  grant_type: 'refresh_token',
  refresh_token: '*******SFKNSK***',
  client_id: '******.googleusercontent.com',
  client_secret: '*****cxCsrf***8UUm5Qzg',
};

axios
  .post('https://oauth2.googleapis.com/token', payloadForAccessToken, {
    headers: {
      'Content-Type': 'application/json',
    },
  })
  .then((res: any) => {
    return res.data;
  })
  .then((res) => {
    // The response body carries the new access_token and its expires_in.
    console.log('new token response: ', res);
  })
  .catch((err) => console.log('err: ', err));
```
Sayad Ahmed Shaurov
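An added example, not part of either answer and not Google's client library code, of the case raised in the comments above: a token stored in a database and used again hours later, refreshed with the `refresh_token` grant from the second answer. The record shape, `creds`, the one-minute skew and the injected `post` helper are hypothetical names and assumptions; the store is assumed to be server-side.

```javascript
// TOKEN_URL is the endpoint used in the answer above; every other name is illustrative.
const TOKEN_URL = 'https://oauth2.googleapis.com/token';
const SKEW_MS = 60 * 1000; // assumption: refresh one minute before the stated expiry

// record: { accessToken, refreshToken, expiresAt } as stored per user (e.g. one DB row).
function needsRefresh(record, nowMs) {
  return !record.accessToken || nowMs >= record.expiresAt - SKEW_MS;
}

// Form-encoded body for the refresh_token grant.
// The client secret and the refresh token stay on the server, never in browser code.
function buildRefreshBody(record, creds) {
  return new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: record.refreshToken,
    client_id: creds.clientId,
    client_secret: creds.clientSecret,
  }).toString();
}

// Merge the token endpoint's reply into the stored record.
function applyRefreshResponse(record, status, body, nowMs) {
  if (body.error === 'invalid_grant') {
    // Refresh token revoked or expired: drop it and send the user through consent again.
    return { accessToken: null, refreshToken: null, expiresAt: 0, reauthRequired: true };
  }
  if (status !== 200 || !body.access_token) {
    throw new Error(`token refresh failed: HTTP ${status} ${body.error || ''}`.trim());
  }
  return {
    accessToken: body.access_token,
    // A refresh response usually carries no refresh_token, so keep the stored one.
    refreshToken: body.refresh_token || record.refreshToken,
    expiresAt: nowMs + body.expires_in * 1000,
    reauthRequired: false,
  };
}

// post(url, formBody) -> Promise<{ status, body }> is injected (an axios or fetch wrapper).
async function getValidRecord(record, creds, post, nowMs = Date.now()) {
  if (!needsRefresh(record, nowMs)) return { ...record, reauthRequired: false };
  if (!record.refreshToken) return { ...record, accessToken: null, reauthRequired: true };
  const { status, body } = await post(TOKEN_URL, buildRefreshBody(record, creds));
  return applyRefreshResponse(record, status, body, nowMs);
}
```

Persist the returned record after every call, and treat `reauthRequired` as the signal to redirect the user back through the consent screen.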