Access token not getting refreshed automatically Google node sdk

Question

According to Google node sdk docs: "This library will automatically use a refresh token to obtain a new access token if it is about to expire.". But it's not happening in my case. After an hour or so I'm getting 400 invalid_request error.

Here's my implementation:

import { calendar_v3, google } from "googleapis";

const oauth2Client = new google.auth.OAuth2(
      process.env.NEXT_PUBLIC_GOOGLE_CLIENT_ID,
      process.env.GOOGLE_CLIENT_SECRET,
      process.env.NEXT_PUBLIC_GOOGLE_REDIRECT_URI
    );
    oauth2Client.setCredentials({
      refresh_token: gRefToken,
      access_token: gAccToken,
    });

const calendar = google.calendar({
      version: "v3",
      auth: oauth2Client,
    });

resCalEventsFromLastSync = await calendar.events.list({
        calendarId: "primary",
        timeMin: new Date().toISOString(),
        timeMax,
        singleEvents: true,
      });

Full error I'm getting:

{
  "response": {
    "config": {
      "method": "POST",
      "url": "https://oauth2.googleapis.com/token",
      "data": "refresh_token=1T_09_wb9D3W_pgWgPbAKMcmOYCw3EOurrXyE4v7u7lHHRTS7wUANIxa2A&client_id=&client_secret=&grant_type=refresh_token",
      "headers": {
        "Content-Type": "application/x-www-form-urlencoded",
        "User-Agent": "google-api-nodejs-client/7.3.0",
        "x-goog-api-client": "gl-node/14.17.0 auth/7.3.0",
        "Accept": "application/json"
      },
      "body": "refresh_token=1T_09_wb9D3W_pgWgPbAKMcmOYCw3EOurrXyE4v7u7lHHRTS7wUANIxa2A&client_id=&client_secret=&grant_type=refresh_token",
      "responseType": "json"
    },
    "data": {
      "error": "invalid_request",
      "error_description": "Could not determine client ID from request."
    },
    "headers": {
      "alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
      "cache-control": "no-cache, no-store, max-age=0, must-revalidate",
      "connection": "close",
      "content-encoding": "gzip",
      "content-type": "application/json; charset=utf-8",
      "date": "Wed, 14 Jul 2021 21:29:59 GMT",
      "expires": "Mon, 01 Jan 1990 00:00:00 GMT",
      "pragma": "no-cache",
      "server": "scaffolding on HTTPServer2",
      "transfer-encoding": "chunked",
      "vary": "Origin, X-Origin, Referer",
      "x-content-type-options": "nosniff",
      "x-frame-options": "SAMEORIGIN",
      "x-xss-protection": "0"
    },
    "status": 400,
    "statusText": "Bad Request",
    "request": { "responseURL": "https://oauth2.googleapis.com/token" }
  },
  "config": {
    "method": "POST",
    "url": "https://oauth2.googleapis.com/token",
    "data": "refresh_token=1%2F%9Ir67CtgIIoYZT_09_wb9D3W_pgWgPbAKMcmOYCw3EOurrXyE4v7u7lHHRTS7wUANIxa2A&client_id=&client_secret=&grant_type=refresh_token",
    "headers": {
      "Content-Type": "application/x-www-form-urlencoded",
      "User-Agent": "google-api-nodejs-client/7.3.0",
      "x-goog-api-client": "gl-node/14.17.0 auth/7.3.0",
      "Accept": "application/json"
    },
    "body": "refresh_token=1%2F%2F0gr67CtgIIoYZT_09_wb9D3W_pgWgPbAKMcmOYCw3EOurrXyE4v7u7lHHRTS7wUANIxa2A&client_id=&client_secret=&grant_type=refresh_token",
    "responseType": "json"
  },
  "code": "400"
}

PS: My app is currently in unverified state but note sure if that has something to do with it.

Answer 1

This example from the Google Calendar api shows how the token can be loaded from a flat file called token.json.

Notice how get getAccessToken is called to load the token itself.

Remember that if your app is in the testing phase that your refresh token will expire after about seven to fourteen days.

const fs = require('fs');
const readline = require('readline');
const {google} = require('googleapis');

// If modifying these scopes, delete token.json.
const SCOPES = ['https://www.googleapis.com/auth/calendar.readonly'];
// The file token.json stores the user's access and refresh tokens, and is
// created automatically when the authorization flow completes for the first
// time.
const TOKEN_PATH = 'token.json';

// Load client secrets from a local file.
fs.readFile('credentials.json', (err, content) => {
  if (err) return console.log('Error loading client secret file:', err);
  // Authorize a client with credentials, then call the Google Calendar API.
  authorize(JSON.parse(content), listEvents);
});

/**
 * Create an OAuth2 client with the given credentials, and then execute the
 * given callback function.
 * @param {Object} credentials The authorization client credentials.
 * @param {function} callback The callback to call with the authorized client.
 */
function authorize(credentials, callback) {
  const {client_secret, client_id, redirect_uris} = credentials.installed;
  const oAuth2Client = new google.auth.OAuth2(
      client_id, client_secret, redirect_uris[0]);

  // Check if we have previously stored a token.
  fs.readFile(TOKEN_PATH, (err, token) => {
    if (err) return getAccessToken(oAuth2Client, callback);
    oAuth2Client.setCredentials(JSON.parse(token));
    callback(oAuth2Client);
  });
}

/**
 * Get and store new token after prompting for user authorization, and then
 * execute the given callback with the authorized OAuth2 client.
 * @param {google.auth.OAuth2} oAuth2Client The OAuth2 client to get token for.
 * @param {getEventsCallback} callback The callback for the authorized client.
 */
function getAccessToken(oAuth2Client, callback) {
  const authUrl = oAuth2Client.generateAuthUrl({
    access_type: 'offline',
    scope: SCOPES,
  });
  console.log('Authorize this app by visiting this url:', authUrl);
  const rl = readline.createInterface({
    input: process.stdin,
    output: process.stdout,
  });
  rl.question('Enter the code from that page here: ', (code) => {
    rl.close();
    oAuth2Client.getToken(code, (err, token) => {
      if (err) return console.error('Error retrieving access token', err);
      oAuth2Client.setCredentials(token);
      // Store the token to disk for later program executions
      fs.writeFile(TOKEN_PATH, JSON.stringify(token), (err) => {
        if (err) return console.error(err);
        console.log('Token stored to', TOKEN_PATH);
      });
      callback(oAuth2Client);
    });
  });
}

/**
 * Lists the next 10 events on the user's primary calendar.
 * @param {google.auth.OAuth2} auth An authorized OAuth2 client.
 */
function listEvents(auth) {
  const calendar = google.calendar({version: 'v3', auth});
  calendar.events.list({
    calendarId: 'primary',
    timeMin: (new Date()).toISOString(),
    maxResults: 10,
    singleEvents: true,
    orderBy: 'startTime',
  }, (err, res) => {
    if (err) return console.log('The API returned an error: ' + err);
    const events = res.data.items;
    if (events.length) {
      console.log('Upcoming 10 events:');
      events.map((event, i) => {
        const start = event.start.dateTime || event.start.date;
        console.log(`${start} - ${event.summary}`);
      });
    } else {
      console.log('No upcoming events found.');
    }
  });
}

Answer 2

I feel stupid. turned out env variables were missing as mentioned in the error: Could not determine client ID from request. Not sure why it works for first hour of authorization. It's all sorted now.