4

I've been using google API to send emails from the server in my node.js project. I've setup credentials and created a refresh token and access token and have been using the same for over 6 months like so.

oAuth2Client = new google.auth.OAuth2(client_id, client_secret, redirect_uris);
oAuth2Client.setCredentials({ refresh_token, access_token, scope, expiry_date });
gmail = google.gmail({ version: 'v1', oAuth2Client });
gmail.users.messages.send({ /* email details */ });

The expiry_date I'm sending is the one I received when I created my tokens the first time and so the date is a past date (over 6 months).

I remember reading that the access token expires after sometime but I'm not sure when my access_token will expire or how I'd go about creating a new one. My emails are still being sent so I'm a little confused as to why it hasn't stopped working yet.

So my questions are essentially

  1. How do I find out when my access_token will expire.
  2. Once it does expire how do I create a new one. While setting all this up the first time I remember doing it in playground but I'd prefer to set up the access_token creation process in the server code itself if I can.
Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
Zephyr
  • 1,612
  • 2
  • 13
  • 37

1 Answers1

6

Access tokens expire after one hour. The best and only way to know if it has expired is to try it if the access token has expired the API will return an error to you.

Refresh tokens on the other hand for the most part will not expire. Your code is most likely using the refresh token properly to request a new access token when ever it needs one. This functionality is built into the Google apis js client library for you and is not something you need to consider.

how a refresh token can expire

  1. the user can remove your access via their Google account.
  2. If the access token has not been used in six months google will automatically expire it.
  3. If you request authorization (Show the consent screen) to the user you will get a refresh token back. If you do it again you will get another refresh token¸ both will work. You can have up to fifty outstanding refresh tokens for a given user once you have hit that mark the first one will expire.
  4. Weird bug from a few years ago that when daylight savings time hit a lot of Google refresh tokens were automatically expired due to some weird bug on their end which has not happens again since :)
Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
  • Thank you for responding. From your reply I gather that the access_token I have been using so far is no longer valid (since it was created months ago) and some part of the google API is automatically creating the access_token with the refresh_token I send in? If this is the case do you know where that is happening in the code (I'd like to be sure that that is actually happening)? It would also be helpful if you could link some document that details this behavior. – Zephyr Oct 22 '20 at 10:08
  • Yes its the library that you are using that is automatically requesting a new access token for you based upon the refresh token you are supplying. Where the code is will depend upon which library you are using [Google-api-node-js client](https://github.com/googleapis/google-api-nodejs-client) vs [Google apis js client](https://github.com/google/google-api-javascript-client) I cant really tell you where the code is as its probably deep inside once of those libraries. There really isnt much documentation on how these libraries were created. – Linda Lawton - DaImTo Oct 22 '20 at 10:13
  • Ok that's fine. I'm using https://www.npmjs.com/package/googleapis. I'm a little surprised that I none of the documents I looked at had this information though. But thanks anyway. – Zephyr Oct 22 '20 at 10:20
  • 1
    The source code for the library is here im sure if you really want to know how its done then you can find the code here https://github.com/googleapis/google-api-nodejs-client There is some info in the [Read me here](https://github.com/googleapis/google-auth-library-nodejs/blob/6c1513997cef3fdefe341977a0683a614e1694de/README.md#handling-token-events) Google has loads of time to create code but it seams little time to document said projects. – Linda Lawton - DaImTo Oct 22 '20 at 10:45
  • 1
    This has been very helpful! Thanks :D – Zephyr Oct 22 '20 at 12:35