Google-api-nodejs-client: Expiring tokens

Created on 18 Jan 2019  ·  5 Comments  ·  Source: googleapis/google-api-nodejs-client

Okay, I'm struggling to understand the entire auth process. You mentioned this library automatically refreshes expired tokens? Will this keep working until the user revokes access? Because that doesn't appear to be the case. Using the sample codes, I find my tokens expiring within an hour or a few. What should I do to avoid this? I can't really find a clear answer in the docs. I'm sorry if it's there.

needs more info question

All 5 comments

Greetings! This stuff can be super confusing. The google-auth-library package is what's used to manage authentication for this library under the hood. Much of the token management is handled for you, but in some scenarios, like 3 legged OAuth2, you will have to get your hands dirty.

There are two types of tokens to be aware of: refresh tokens and access tokens. Let's start with the access token, because that's the easiest. The access token is what you include with every request as a header, and it typically gives you permission to do stuff against a given set of scopes for a period of time. These expire! The very first time you do the OAuth2 dance with a user, you will get both an access token and a refresh token.

Now, onto refresh tokens. The refresh token is what you use to ask for a new access token when the previous access token expires. The refresh token is unique for a given user account and client id (your app). You should store that thing carefully. Within a single session, the OAuth2Client class will grab both the refresh and access tokens, and use the refresh token to automatically acquire a new access token if needed. If you've stored a refresh token, and a user comes back at a later time, you can just set the refresh token using the OAuth2Client.setCredentials method. This will let the client do access token refreshing for ya.

I know this is a wall of text - but does any of this help? Once I better understand what's tripping you up, I think I'm going to do a blog post on this stuff.

I'll check out the library and get back to you.

@JustinBeckwith Okay, so I am storing both tokens. So, if I want my app to generate a fresh access token when my app restarts, I should use OAuth2Client.setCredentials? How does automatic refreshing when expired work? Does the auth library also work with callbacks?

But shouldn't it already refresh the access token by doing this?

    // Check if we have previously stored a token.
    fs.readFile(TOKEN_PATH, function(err, token) {
        if (err) {
            getNewToken(oauth2Client, callback);
        } else {
            oauth2Client.credentials = JSON.parse(token);
            callback(oauth2Client);
        }
    });

I had this, but it still complained that the token expired after a while (I think it was after a few days).

> So, if I want my app to generate a fresh access token when my app restarts, I should use OAuth2Client.setCredentials?

Yes! You should populate that with an object that has refresh_token and access_token properties.

> How does automatic refreshing when expired work?

We do two things. If we have the expiry_date of the access token, before ever making a request we will refresh the access token before sending the request.

Secondly, if you use the request method of the OAuth2 object (which this library does), it will automatically try to refresh the access token once in the case of a 403.

> Does the auth library also work with callbacks?

Of course!

> But shouldn't it already refresh the access token by doing this?

That looks cool, but really depends on what's inside of token 🤷‍♂️

> I had this, but it still complained that the token expired after a while (I think it was after a few days).

That sounds really hard to debug 👻 If you can do this in a way that's reproducible... let me know how!

Greetings! We haven't heard anything on this issue for a while, so we're going to go ahead and close it out. Please do let us know if you have any other questions!
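
An added example, not code from this thread or from the library: restoring stored credentials with setCredentials and persisting each refreshed token without dropping the refresh token, since a refresh response may not include one. The 'tokens' event is what google-auth-library's OAuth2Client emits on refresh; StubClient, attachTokenStore, mergeTokens, saveTokens and the token values are constructed for illustration.

```javascript
// Added example: `client` is any object with setCredentials() and a 'tokens'
// event, the interface google-auth-library's OAuth2Client exposes.
const fs = require('fs');
const os = require('os');
const path = require('path');
const { EventEmitter } = require('events');

// A refresh response may lack refresh_token, so merge, never overwrite.
function mergeTokens(stored, fresh) {
  return { ...stored, ...fresh, refresh_token: fresh.refresh_token || stored.refresh_token };
}

function saveTokens(tokenPath, tokens) {
  // Owner-only file: the refresh token is a long-lived credential.
  fs.writeFileSync(tokenPath, JSON.stringify(tokens), { mode: 0o600 });
  fs.chmodSync(tokenPath, 0o600); // `mode` only applies when the file is created
}

// Returns false when no usable refresh token is stored (re-run consent flow).
function attachTokenStore(client, tokenPath) {
  let stored;
  try {
    stored = JSON.parse(fs.readFileSync(tokenPath, 'utf8'));
  } catch (err) {
    return false;
  }
  if (!stored || !stored.refresh_token) return false;
  client.setCredentials(stored);
  client.on('tokens', (fresh) => {
    stored = mergeTokens(stored, fresh);
    saveTokens(tokenPath, stored);
  });
  return true;
}

// Constructed stand-in for OAuth2Client so the example runs offline.
class StubClient extends EventEmitter {
  setCredentials(tokens) { this.credentials = tokens; }
}

// Constructed token values; simulates one refresh and returns what was persisted.
function demo() {
  const file = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'tok-')), 'token.json');
  saveTokens(file, { access_token: 'old', refresh_token: 'constructed-refresh' });
  const client = new StubClient();
  const attached = attachTokenStore(client, file);
  client.emit('tokens', { access_token: 'new', expiry_date: 1 });
  return { attached, saved: JSON.parse(fs.readFileSync(file, 'utf8')) };
}
```

With the real client, pass the OAuth2Client instance in place of StubClient and treat a `false` return as the signal to start the consent flow.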
