Google API: How to increase access token expiration date?

11.4k views Asked by At

Google API expiration date is 1 hour, the problem is that I'm using the API in order allow users to use admin SDK features (List groups, add members to a group etc.)

No one can do any of that in one hour, that would require users to login to their accounts multiple times per day to manage their groups. A 1 hour expiration date is good if you just want to use Google to authenticate users.

How to increase that or is there any work around? Am I missing something?

2

There are 2 answers

3
Jacque On BEST ANSWER

Due to security reasons, you cannot change the duration of the access token's expiry. However, you can refresh an access token without prompting the user for permission if you requested offline access to the scopes associated with the token.

  • If you use a Google API Client Library, the client object refreshes the access token as needed as long as you configure that object for offline access.
  • If you are not using a client library, you need to set the access_type HTTP query parameter to offline when redirecting the user to Google's OAuth 2.0 server. In that case, Google's authorization server returns a refresh token when you exchange an authorization code for an access token. Then, if the access token expires (or at any other time), you can use a refresh token to obtain a new access token.
0
Sayad Ahmed Shaurov On

You cannot increase the expiration time for access_code.

However, you can generate new access token if the current access token expires!

  1. First get the authentication code.
  2. Get refresh_token from google using authentication code.
  3. Get access_token using refresh_token when it expires.

I assume that you have the authentication code. If you do not have the code then here is an article on how you can integrate oauth to your react app and get the authentication code from google. You can check this out for more details.

Generating refresh and access token:

Replace the essential values (code, client_id, client_secret) inside payload.

let payload = {
  grant_type: 'authorization_code',
  code: '****SFJSDFJKAN-DF',
  client_id: '******.googleusercontent.com',
  client_secret: 'GOCS*******m5Qzg',
  redirect_uri: 'http://localhost:3000',
};

axios
  .post(`https://oauth2.googleapis.com/token`, payload, {
    headers: {
      'Content-Type': 'application/json;',
    },
  })
  .then((res: any) => {
    return res.data;
  })
  .then((response: any) => {
    console.log('refresh token: ', response);
  })
  .catch((err) => console.log('err: ', err));

You will get a response like this:

{
    access_token: "********KAjJZmv4xLvbAIHey",
    expires_in: 3599,
    id_token: "***************VeM7cfmgbvVIg",
    refresh_token: "***************VeM7cfmgbvVIg",
    scope: "https://www.googleapis.com/auth/gmail.readonly openid 
            .....
            .....
            https://mail.google.com/",
    token_type: "Bearer",
}

Save your refresh and access token. Now you can use refresh token to generate new access token!

Generate new access token from refresh token.

let payloadForAccessToken = {
  grant_type: 'refresh_token',
  refresh_token: '*******SFKNSK***',
  client_id: '******.googleusercontent.com',
  client_secret: '*****cxCsrf***8UUm5Qzg',
};

axios
  .post(`https://oauth2.googleapis.com/token`, payloadForAccessToken, {
    headers: {
      'Content-Type': 'application/json;',
    },
  })
  .then((res: any) => {
    return res.data;
  })
  .then((res) => {
    console.log('new token response: ', res);
  })
  .catch((err) => console.log('err: ', err));