0

Does anyone know how to obtain a refresh token for a G Suite Add on, considering that the authorization flow to obtain the user consent was handled by Apps Script?

I know how to obtain the access token with the method

ScriptApp.getOAuthToken()

But I don't know how to obtain the refresh token for a particular user.

Context:

I have an add-on that allows users to schedule recurring meetings. The user grants the app access to their calendar when they install the add-on from the G Suite Marketplace, so I can read and write on their calendars when they are running the script.

I want to send them email reminders a day before a meeting, so I want to read their calendars in the background using a cloud function when they are not running the script.

In order to do that I would need to have the refresh token for that user since the access token expires.

I'm really stuck on this for many days now. Any help would be much appreciated!

Thanks a lot.

Gabriel Aleixo
  • 13
  • 2

1 Answers1

2

You have two options:

If you set access to offline (.setParam('access_type', 'offline')) it is enough if the user grants you permission once.

ziganotschka
  • 25,866
  • 2
  • 16
  • 33
  • Thank you ziganotschka! I was able to obtain a refresh token using the first option you suggested, but I don't think it solves my problem. In order to obtain the CODE var, I still need to have the user visit a URL and authorize my script again. If I understand correctly, I'm not taking advantage of the consent I obtain when the user originally installed the add-on. Or am I missing something? I will play with the oauth2 library, thanks for the pointers! – Gabriel Aleixo Jun 23 '20 at 15:02
  • Have a read [here](https://stackoverflow.com/a/30638344/11599789) about offline access. – ziganotschka Jun 23 '20 at 15:29
  • 1
    I think I understand the issue better now. When the user installs my add-on, the initial authorization is managed by apps script under the hood. I do not have access to the client secret of the OAuth Client doing this authorization, nor the access code returned by the authorization server. The client ID appears on the Developers Console as an automatically generated "Apps Script" client ID, with no option to access the secret. My solution was to create a new client ID and request user permission again. I did that using the library you suggested, so thanks again! – Gabriel Aleixo Jun 23 '20 at 21:45