5

I am working on Nodejs Google Api client Oauth process. I follow what the code example for oauth, https://github.com/google/google-api-nodejs-client/blob/master/examples/oauth2.js.

I have one question. How do I check if the access token is expired and how do I use the refresh token to get another access token again?

To be more specific, let's say get access to google+ user profile, so I use the access token to get user profile:

getAccessToken(oauth2Client, function() {
    // retrieve user profile
    getUserProfile(client, oauth2Client, 'me', function(err, profile) {
      if (err) {
        console.log('An error occured', err);
        return;
      }
      console.log(profile.displayName, ':', profile.tagline);
    });
  });

In addition, in the client side of the application(backbonejs), if I am attempting to use google api JS client to access the google drive api (not google plus), I am not sure if I can use the access token I get from server side of the application (nodejs) or I have to do another OAuth using google api JS client.

RockTheStar
  • 650
  • 1
  • 8
  • 21
user3203518
  • 51
  • 1
  • 3

1 Answers1

7

Best practice to determine if an access token is expired is to try and use it. Although the bundle returned includes the *expires_in* parameter, indicating the number of seconds until the access token expires, this isn't reliable, since it may be revoked and replaced for other reasons at any time.

The procedure then typically is

  1. Attempt to make the call using the access token
  2. If you get an "unauthorized" response, use the referesh token to get a new access token. If this fails, your permission has been revoked
  3. Attempt to make the call using the new access token again

If you're using the library to do other Google API calls - this will be handled for you automatically.

Prisoner
  • 49,922
  • 7
  • 53
  • 105
  • Thanks for your response! How can I use the refresh token? (code wise). Also, for your last statement, I am a bit confused; what will be handled? You mean the oauth? what do you mean by other API calls? Explicitly,do you know how to write codes to make use of refresh token to get access token again? Much appreciation! – user3203518 Apr 03 '14 at 17:22
  • I can answer your questions, but it might help if we knew a little more about the background of what you are doing. How are you using the access token once you get it? Are you using the google-api-nodejs-client library to access other Google APIs besides OAuth? If so, which ones? (If not, why not? And how are you accessing those APIs?) (And go ahead and edit your question and say that you have.) – Prisoner Apr 03 '14 at 20:51
  • Great, thanks! The description is edited now. Is that more clearer? – user3203518 Apr 08 '14 at 05:11
  • I assume you solved this already, but in case others are looking, there is a method on the google authClient called `refreshAccessToken`, which will manually refresh the access token. – BarthesSimpson Nov 18 '15 at 17:18