Google OAuth token expiration
Question
I have an app that is a heads up display for Google Calendar. The app is 100% client side javascript and I would like to keep it that way, but Google's OAuth token expiration keeps me from allowing a user to leave the app open, where it continues to poll the google API.
I am looking for any information from people about how to refresh a token or request a new token, while being completely transparent to the user. At the moment after 3600 seconds the app has to rerequest access to the users google accounts and the full redirect forces a break in the application.
I have tried a few other methods, first I have attempted using the server side auth which works pretty well with localStorage but fails when I try to POST for the access token after getting a request token, I have tried iframe and page post neither work :(.
If anyone has any ideas on how to auth and keep a user authed with google please share :)
1 answers
solution1
0 2013-12-06 00:24:13
Unfortunately the only way i've found of doing this uses a webserver as there's no other way to keep your client_secret secure. If this is an option to you, i've had success implementing the method described in the following Google documentation:
https://developers.google.com/accounts/docs/OAuth2WebServer
Essentially I initially request offline access on the client then on success, trade the resulting authorisation code for a refresh token using my webserver. The refresh token can also be stored in a cookie with a super long expiration. Each time my the access token then expires I use the refresh token to request another access token.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.