Any way to create a new Google Calendar event without token.pickle

Question

Using token.pickle is quite frustrating, as every couple of weeks the token expires, and then I need to manually delete it from my source files in code, so it can regenerate itself, and then I need to re-authenticate it from my account.

Is there a way I can just create a new service without it? I know it's possible for Google sheets files. This is what that looks like:

def get_g_sheets_service():
 SERVICE_ACCOUNT_FILE = 'key.json'
 SCOPES = ['https://www.googleapis.com/auth/spreadsheets']

 creds = None
 creds = service_account.Credentials.from_service_account_file(
    SERVICE_ACCOUNT_FILE, scopes=SCOPES)

 SCOPES = ['https://www.googleapis.com/auth/spreadsheets']

 SAMPLE_SPREADSHEET_ID = 'ID_GOES_HERE'
 service = build('sheets', 'v4', credentials=creds)
 return service

but, the way to get a service for the calendar API looks like this:

import datetime
import pickle
import os.path
from googleapiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow
from google.auth.transport.requests import Request

# If modifying these scopes, delete the file token.pickle.
SCOPES = ['https://www.googleapis.com/auth/calendar']

CREDENTIALS_FILE = 'path_to_file/credentials.json'

def get_calendar_service():
   creds = None
   # The file token.pickle stores the user's access and refresh tokens, and is
   # created automatically when the authorization flow completes for the first
   # time.
   if os.path.exists('token.pickle'):
       with open('token.pickle', 'rb') as token:
           creds = pickle.load(token)
   # If there are no (valid) credentials available, let the user log in.
   if not creds or not creds.valid:
       if creds and creds.expired and creds.refresh_token:
           creds.refresh(Request())
       else:
           flow = InstalledAppFlow.from_client_secrets_file(
               CREDENTIALS_FILE, SCOPES)
           creds = flow.run_local_server(port=0)

       # Save the credentials for the next run
       with open('token.pickle', 'wb') as token:
           pickle.dump(creds, token)

   service = build('calendar', 'v3', credentials=creds)
   return service

Notice the token.pickle file?

How can I not deal with it?

Answer 1

why is the token.pickle expring?

The token.pickle should contain an access token and a refresh token which was created with the user consented to your application accessing their data. Access tokens are used to access user data and expire after an hour, refresh tokens are use to request a new access token when it has expired. This is done automatically via the client library you are using. Refresh tokens for the most part should not be expiring see: experation .

You need to be sure you are always storing the most recent refresh token.

If your application is still in the testing phase refresh tokens will expire after seven days. see: experation

A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.

The solution is to go to google cloud console under the oauth2 consent screen and set your application to production.

service accounts

If this google calendar is part of google workspace. then your workspace admin could grant a service account domain wide delegation and allow you to impersonate a user on the domain with the service account. This form for authorization is much easer and will not have the same expiration token issues as the authorization is configured via workspace.

Service accounts only work though google calendar with workspace domain accounts.