How should I use refresh tokens with Google Picker and Google Drive?

Question

The problem:

I have a app on google script's platform, that's meant to allow uploads to Google Drive without using any account. The upload feature works well but I'm having issues with very long/big uploads. I'm trying to solve this since a week now, mostly because I need to test the expiration of the tokens.

When a user tries to upload a big file (20/30 GB) to the server, the Auth token expires Error Screenshot 1 and then I get this error Error screenshot 2.

So, what I need is to use a token that would expire in more than 5 hours. I did try to use a refresh token but I ended up very confused. I did created the refresh token in OAuth 2.0 Playground.

Things I've tried:

1. Pass the refresh token in the setOAuthToken. (Rejected by the function)
2. Use the refresh token to use setOAuthToken but it failed.

Questions

1. Can I permanently authorize the app access to Picker? (since it's always the same user accesing the drive on the server side code)?

2. Should I use a refresh token to obtain an Auth token?

Original Code:

  var a = (new google.picker.PickerBuilder)
   .addView(t)
   .enableFeature(google.picker.Feature.NAV_HIDDEN)
   .setOAuthToken("<?= ScriptApp.getOAuthToken(); ?>")
   .enableFeature(google.picker.Feature.MULTISELECT_ENABLED)
   .hideTitleBar()
   .setSize(DIALOG_DIMENSIONS.width - 2, DIALOG_DIMENSIONS.height - 2)
   
   .setCallback(pickerCallback).setOrigin(config.FORM_EMBED_DOMAIN)
   .build()
   

Any help will be extremely appreciated.

Answer 1

afaik, the Picker can't take a Refresh Token and use this to renew its Access Tokens. This is almost certainly by design, since Refresh Tokens should never be on an insecure device such as a browser.

The only approach I can suggest would be to:-

A 1. have a Refresh Token on a secure server

2. implement your own endpoint to return an Access Token using the stored refresh Token

or

B 1. Use gapi, immediate=true (or however you currently obtain an Access Token)

3. Have a setTimeout/setInterval function which every 59 minutes, gets a new Access Token using option A or B

4. Poke this into the Picker object by finding the internal property where the Access Token is stored.

This is fugly and fragile, but I honestly can't think of a better answer.

Answer 2

The suggested solutions did not solve the problem.

I tried the same using Google forms, I tried to upload the same files I used to test the error described in the original question. It turns out, I have the exactly same error!

So, I think is a case of "worked as design". I already sent a error report to Google, we have a G Suite Account, I hope we receive some feedback. But I think is not something easy to solve.

The main problem with the google form alternative, is that it requires a Gmail/Google account, and if the files you want to upload are bigger than your free quota, the upload will fail. I'm trying with a personal account with 21 GB (the uploader) and an unlimited G Suite account (receiver and form owner).

---

So,

After a lot of testing different options, the easiest/fastest solution is to limit the clients to upload up to 3 files (because you can upload 3 files at the time during the beginning of the process). When you try to upload the 4th file you'll get an authentication error.

Case closed!

Answer 3

You can dispose created picker object after 1hr, and create a new one with freshly obtained access_token

https://developers.google.com/picker/docs/reference#picker

Look at method dispose in API description