0

per https://developers.google.com/identity/oauth2/web/reference/js-reference

There doesn't seem to be a refresh_token flow. The expiration is 1 hour, so it's not terrible. But I'd like to extend the session while the user is still actively using the web app.

azBrian
  • 661
  • 1
  • 5
  • 19
  • https://developers.google.com/identity/oauth2/web/guides/use-token-model#token_expiration – Jaromanda X Sep 21 '22 at 04:57
  • @JaromandaX, calling that pops up the prompt again. That's what it's says to call it as part of a user-driven event as to avoid triggering the popup blocker. If you have an example of it working otherwise, I'd love to check it out. – azBrian Sep 22 '22 at 03:26

1 Answers1

1

As mentioned in the Answer

To refresh the access token in a transparent way for the end-user you have to use the Refresh Token, This token will also come in the response to your call.

With this token, you can do a POST call to the URL: https://www.googleapis.com/oauth2/v4/token with the following request body

client_id: <YOUR_CLIENT_ID>
client_secret: <YOUR_CLIENT_SECRET>
refresh_token: <REFRESH_TOKEN_FOR_THE_USER>
grant_type: refresh_token

refresh token never expires so you can use it any number of times. The response will be a JSON like this:

{
  "access_token": "your refreshed access token",
  "expires_in": 3599,
  "scope": "Set of scope which you have given",
  "token_type": "Bearer"
}

You can also refer to the Github issue and Answer where a suggested approach is to use a listener and reloadAuth.

For more information, you can refer to the documentation ,Answer and doc.

Divyani Yadav
  • 1,030
  • 4
  • 9
  • 1
    GIS doesn't have an equivalent for GoogleUser.reloadAuthResponse() Sadly, the service that GoogleUser is part of is being phased out in March 2023 so I don't want to build my web app around it. I'm also not using the Identity part of the Identity service. I'm using the oauth2 part in order to get a access_token to use with other Google Cloud APIs (mostly Google Drive API) – azBrian Sep 22 '22 at 04:09
  • To be clear, thank you for doing the digging you did. Sadly, everything seems to be referencing the old system that is going away. With how poorly the flow was documented for the old system, I'm really hoping that there is a way to get a refreshed auth_token that I simply just haven't found yet. – azBrian Sep 22 '22 at 04:13
  • @azBrian edited my answer is it helpful? if not can you edit your question and briefly explain the issue so it will be easier to troubleshoot. – Divyani Yadav Sep 22 '22 at 13:08