
I have a web application that has frontend built on EmberJS and backend in Java.

I’m making the user sign in using Google OAuth and requesting the scope: https://www.googleapis.com/auth/calendar

{
  "El": "google_user_id",
  "Zi": {
    "token_type": "Bearer",
    "access_token": "access_token",
    "scope": "openid email profile https://www.googleapis.com/auth/calendar.readonly https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/calendar",
    "login_hint": "login_hint",
    "expires_in": 3600,
    "id_token": "..AF16AF6oc7Fl2uv5V9r",
    "session_state": {
      "extraQueryParams": {
        "authuser": "0"
      }
    },
    "first_issued_at": 1550770587899,
    "expires_at": 1550774187899,
    "idpId": "google"
  },
  "w3": {
    "Eea": "google_user_id",
    "ig": "Shivang Tripathi",
    "ofa": "Shivang",
    "wea": "Tripathi",
    "Paa": "https://mnsbfsdbf/photo.jpg",
    "U3": "[email protected]"
  }
}

Now, I send this response to the server.
The server can use the provided “access_token” to do various tasks like getting the calendar list, etc., by making REST API calls.
E.g. making a call to https://www.googleapis.com/calendar/v3/users/me/calendarList with the “access_token” in the Authorization header.

I’m running into a problem though.
The token is short lived and expires in 60 minutes.

Can I somehow extend this token into a never-ending or long-lived token?
Facebook allows this: https://developers.facebook.com/docs/facebook-login/access-tokens/refreshing
Can someone tell me if Google allows this from server side and how?

2 Answers


  1. Chosen as BEST ANSWER

    Turns out there's no way.

    I had to take another route, which is: https://developers.google.com/identity/protocols/OAuth2WebServer

    1. Generate an auth URL and redirect the user to it: https://accounts.google.com/o/oauth2/v2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.metadata.readonly&access_type=offline&include_granted_scopes=true&state=state_parameter_passthrough_value&redirect_uri=http://localhost:5000/callback&response_type=code&client_id=

    2. Handle the callback; it contains the authorization_code.

    3. Use that code to get a refresh token and access token:

       POST /oauth2/v4/token HTTP/1.1
       Host: www.googleapis.com
       Content-Type: application/x-www-form-urlencoded

       code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&
       client_id=your_client_id&
       client_secret=your_client_secret&
       redirect_uri=https://oauth2.example.com/code&
       grant_type=authorization_code
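    The server-side flow from the answer above, written out as an added Python example (not code from the answer, the asker's Java backend, or Google's own client libraries): it builds the offline-access authorization URL, checks the state parameter on the callback, exchanges the code at the token endpoint the answer shows, and keeps the refresh_token on the server so the 60-minute access token can be renewed before a calendarList call. The client id, secret, redirect URI and the prompt=consent parameter are assumptions; the `post` argument exists so the transport can be swapped for testing.

```python
import json, secrets, time
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request, urlopen

AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_URL = "https://www.googleapis.com/oauth2/v4/token"   # endpoint shown in the answer

def build_auth_url(client_id, redirect_uri, scope, state):
    # access_type=offline asks for a refresh_token; prompt=consent (an assumption, not in
    # the answer) makes Google re-issue one for a returning user, not only on first consent
    return AUTH_URL + "?" + urlencode({
        "client_id": client_id, "redirect_uri": redirect_uri, "response_type": "code",
        "scope": scope, "access_type": "offline", "include_granted_scopes": "true",
        "prompt": "consent", "state": state})
def parse_callback(callback_url, expected_state):
    # state must match the value kept in the user's session, else a foreign code could be bound to it
    q = parse_qs(urlsplit(callback_url).query)
    if not secrets.compare_digest(q.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch")
    if "error" in q:
        raise ValueError("authorization denied: " + q["error"][0])
    return q["code"][0]
def post_form(url, fields):
    # real transport for the token endpoint; callers may pass a fake to stay offline
    req = Request(url, data=urlencode(fields).encode(),
                  headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urlopen(req) as resp:
        return json.loads(resp.read())
def exchange_code(code, client_id, client_secret, redirect_uri, post=post_form):
    # step 3 of the answer: the one-time code is traded for access_token + refresh_token
    return post(TOKEN_URL, {"code": code, "client_id": client_id, "client_secret": client_secret,
                            "redirect_uri": redirect_uri, "grant_type": "authorization_code"})
class TokenStore:
    # keeps the long-lived refresh_token server-side and renews the 60-minute access token
    def __init__(self, client_id, client_secret, token_response, post=post_form, now=time.time):
        self.client_id, self.client_secret, self.post, self.now = client_id, client_secret, post, now
        self.refresh_token = token_response["refresh_token"]   # never hand this to the browser
        self._store(token_response)
    def _store(self, resp):
        self.access_token = resp["access_token"]
        self.expires_at = self.now() + resp["expires_in"]   # 3600 for Google
    def access_token_for_api(self):
        # renew a minute early so a calendarList call in flight never uses an expired token
        if self.now() >= self.expires_at - 60:
            self._store(self.post(TOKEN_URL, {
                "refresh_token": self.refresh_token, "client_id": self.client_id,
                "client_secret": self.client_secret, "grant_type": "refresh_token"}))
        return self.access_token
```

    A refresh response carries no new refresh_token, so the one from the original exchange must be stored durably; if it is lost, the user has to go through the consent flow again.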


  2. It’s not true to say “there is no other way”. The correct way is to make the auth request again, but add “prompt=none”. btw “login_prompt” should be an email address or a Google user id.
