Google-api-php-client: check if my referesh access token is expired or not

Created on 31 Oct 2017 · 5Comments · Source: googleapis/google-api-php-client

Hi i am getting offline access token using google api oauth 2.0 as i getting offline access so i will be using refresh token later to so basically i have seen that user can revoke our application access from his apps from his account and after that our refresh access token will not work.
So is their a way we can check if our refresh token is valid or not because for shot access tokens which are valid for only 1 h we can not do this
$client->isAccessTokenExpired()
is their a way we can also check if our refresh token is expired or not so that we can safely use it.

Here is my google client code

        $google_redirect_url = $url;    
        $client = new \Google_Client(); 
        $client->setAuthConfig('/secret.json');
        $client->setRedirectUri($google_redirect_url);
        $client->setAccessType('offline');        // offline access
        $client->setIncludeGrantedScopes(true);   // incremental auth          
        $client->setApprovalPrompt('force');
        $client->setScopes(array(
            'https://www.googleapis.com/auth/plus.me',
            'https://www.googleapis.com/auth/userinfo.email',
            'https://www.googleapis.com/auth/userinfo.profile',
            'https://www.googleapis.com/auth/youtube',
            'https://www.googleapis.com/auth/youtube.upload'
        ));

or does google api provide some kind of web hook when our user revoke our app access.
P.S i have tried to explore the google docs but could not find anything
Thanks in advance

question

Source

usamamashkoor

Most helpful comment

You must write your code to anticipate the possibility that a granted refresh token might no longer work. A refresh token might stop working for one of these reasons:

The user has revoked your app's access.
The refresh token has not been used for six months.
The user changed passwords and the refresh token contains Gmail scopes.
The user account has exceeded a maximum number of granted (live) refresh tokens.

https://developers.google.com/identity/protocols/OAuth2

You can try to getAccessToken which will use refresh token for that purpose. If the call fails, that means refresh token is not valid.

UKNC on 22 Oct 2018

👍2

All 5 comments

I beleive (but am not 100% sure) that refresh tokens do not expire so that you can always use the refresh token to get a new token. If you display token and refresh token to your screen you should see an EXPIRE field. The Token probably has 3600 (1 hour) as it's expiry. What does Refresh Token show?

jshrek on 22 Nov 2017

👎1

Thank you for filing this issue. We asked some clarifying questions or suggested a course of action a week or more ago and never heard back from you. We are unable to proceed with this issue until then, so we are closing it. Please feel free to comment with more information and we will re-open this issue.

mattwhisenhunt on 6 Apr 2018

So what's the final answer. I can see it's that refresh token does not expire. Am I correct??

ggepenyan on 19 Sep 2018

👍1

You must write your code to anticipate the possibility that a granted refresh token might no longer work. A refresh token might stop working for one of these reasons:

https://developers.google.com/identity/protocols/OAuth2

You can try to getAccessToken which will use refresh token for that purpose. If the call fails, that means refresh token is not valid.

UKNC on 22 Oct 2018

👍2

OP is wondering why there isn't an explicit check if a refresh_token has expired (disconnected).