0

I am using the Drive API and the Google Sheets API to list users private and public spreadsheets using Google Console app.

I want the user to log in to our app the first time to view their files (this process is working). Now I want this user can access his files list without login after first-time authorization.

According to the Google guide, for this, I need to generate the access token and refresh token. I am having both the access token and refresh token. here:

{
  "access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
  "expires_in":3920,
  "token_type":"Bearer",
  "refresh_token":"1/xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI"
}

Now how I can use the refresh token and access token for users to avoid login in again and again. Please give a step-by-step process.

Christian
  • 4,902
  • 4
  • 24
  • 42
techie
  • 13
  • 6
  • If you have the access token then just use that in your request. Once the access token has expired use the refresh token to get another access token. – Linda Lawton - DaImTo May 22 '17 at 12:53
  • everything is working right. But after logout app prompt use to password before the consent screen. I used the code in same way as you described. – techie May 22 '17 at 13:06
  • If the user doesn't login, then how do you know who he is and which Drive account he should access? – pinoyyid May 22 '17 at 16:28
  • posting here your actual refresh token makes your drive public. anyone can at least download your files. – Zig Mandel May 22 '17 at 21:52
  • @Zig Mandel thanks. Actually we want our users to access their google's spreadsheets by our app (spreadsheet widget) for data based graph display. But we want to login once by their google account and next all attempt to access graphs should be managed without login to google. I use stack and google documentation for this. According to these documents, I need access_type offline. Thats done.-> I got the code -> by the code I got the access & refresh tokens. But now I got stuk what to do and how to do. So help me with the proper steps and process to achieve this. – techie May 23 '17 at 07:02
  • you need to revoke that token to stop making your drive publicly available. then google for a oauth2 guide. google has one in their offcial oauth2 docs. – Zig Mandel May 23 '17 at 12:56

2 Answers2

1
{
  "access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
  "expires_in":3920,
  "token_type":"Bearer",
  "refresh_token":"1/xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI"
}

With the access_token you can get data from your google APIs. The token is specific to the API you have got it from. Use it as Authorization: Bearer 1/fFAGRNJru1FTz70BzhT3Zg).

You can use the refresh token to renew the access token. Access tokens expire after some time (3920 secs in your case).

Christian
  • 4,902
  • 4
  • 24
  • 42
Aman Anand
  • 11
  • 1
  • 1
    As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Apr 04 '22 at 10:37
  • Hi, welcome to SO! I have rephrased your answer a bit because it appeared in a review queue and the community bot was complaining ;) I hope it's still fine. – Christian Apr 06 '22 at 23:26
0

The general Google API docs just say:

Access tokens have limited lifetimes. If your application needs access to a Google API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens.

See https://developers.google.com/identity/protocols/oauth2?hl=en

Here's a step by step instruction available for the playground: https://github.com/ivanvermeyen/laravel-google-drive-demo/blob/master/README/2-getting-your-refresh-token.md

Please have a look at this SO question/answer. An answer in this URL provides the following code:

window.gapi.client.init({
  apiKey: this.GOOGLE.API_KEY,
  clientId: this.GOOGLE.CLIENT_ID,
  discoveryDocs: DISCOVERY_DOCS,
  scope: SCOPES
}).then(()=>{
  const authInstance = window.gapi.auth2.getAuthInstance();
  authInstance.grantOfflineAccess()
   .then((res) => {
      console.log(res);
      this.data.refreshToken = res.code;
   });
});
Christian
  • 4,902
  • 4
  • 24
  • 42