Google OAuth - Getting a new access token when the user is actually logged in

0
votes

I am trying to build something which uses the Google Calendar API. I have been able to authenticate the user using Google's OAuth 2.0 for Login (OpenID Connect). After completing all the steps, I get a "access_token" and a id_token.

Using the access_token, I am able to fetch a user's list of calendar events. However, the access_token expires after 3600 seconds (1 hour).

How do I get a new access_token for the user after the end of the 3600 seconds interval?

P.S. I have been reading up on this and most articles I find advise me to get a "refresh_token" which can be used to issue another access_token once it expires. But my app does not need to fetch the user's calendar events when the user is not logged in, hence offline access is not required. I only need to access the user's data when he actually logs in to my app.

1
authenticationoauth-2.0google-apigoogle-calendar-apigoogle-oauth
You need to store the Refreshtoken your application was given in order to access your users data the next time they login as well as if they have been logged in for more then an hour. It has nothing to do with off line access. - DaImTo

1 Answers

0
votes

If the access token has expired, you'll need to redirect them through the OpenID Connect flow again. Since they have already approved access they won't be prompted again, and your app will get a fresh set of credentials.