7

I am using the client-side flow described here: Client-side (JavaScript) applications.

All goes well until the access_token expires. then I get 401/403 responses. What do I need to do? I have tried gapi.auth.authorize and gapi.auth.getToken, but nothing seems to work.

As there is (understandably) no refresh token supplied by the original auth.authorize, I'm not sure what else to do.

soumya
  • 3,801
  • 9
  • 35
  • 69
kpg
  • 7,644
  • 6
  • 34
  • 67
  • I am having the same problem. There is no way to refresh the token. There are also other problems with these docs. I get an error if I include nonce as suggested and returned arguments are not as documented (audience renamed to aud, no userid returned). Not good enough Google. – Roaders Dec 20 '15 at 06:24

2 Answers2

1

From the page/section you referenced:

When the token expires, the application repeats the process.

So some of how you handle it depends on how you are implementing and using the client-side flow. In general, you should just need to redirect the user as described at https://developers.google.com/accounts/docs/OAuth2UserAgent?hl=ja#formingtheurl, but it depends on exactly how you are having them do the initial auth.

Prisoner
  • 49,922
  • 7
  • 53
  • 105
  • I can't see that comment anywhere on that page. This seems a bit broken. – Roaders Dec 20 '15 at 06:22
  • The comment is on the page the original poster referenced, directly above the diagram outlining the user flow. I've updated the answer to clarify by providing a link to the page/section referred to. – Prisoner Dec 21 '15 at 14:24
  • As for it being "broken" - not really. Assuming the user hasn't logged out or withdrawn their consent, the "Login & Consent" portion of that flow is transparent to the user. – Prisoner Dec 21 '15 at 14:26
1

The short answer is: You don't refresh the token client-side in JavaScript, the client library does this. The longer version is more complex, but in short, don't store refresh tokens on client-side apps.

To learn more about using the Javascript client library, start here:

https://developers.google.com/+/quickstart/javascript

class
  • 8,621
  • 29
  • 30
  • @MKSafi - follow up with me offline with how you would change the client, it'd be great to hear about how you want to use it. My best contact email is on my profile. – class Aug 22 '14 at 00:41