Refresh oauth2 token google api and HWIOAuthBundle

10
votes

How i can refresh token ? I use Google api with this token - it work but can't find how to refresh it, in this example we dont save expired time. I require 

`access_type:     offline `

then 

$client = new Google_Client();
        //$client->setClientId($GoogleClientId);
        $client->setApplicationName($GoogleAppName);
        $client->setClientId($this->user->getGoogleId());
        $client->setAccessType('offline');

if token is valid i can work but when is expired i try 

$token = [
            'access_token' => $this->user->getGoogleAccessToken(),
            'expires_in'   => (new \DateTime())->modify('-1 year')->getTimestamp(),
        ];

i put this any date because in this example we don't save expired time

https://gist.github.com/danvbe/4476697

    $client->setAccessToken($token);

    if($client->isAccessTokenExpired()){

        $refreshedToken = $client->refreshToken($client->getAccessToken());

here i have error

array:2 [▼
  "error" => "invalid_request"
  "error_description" => "Could not determine client ID from request."
]

There is HwiAuthBundle method to refresh token ? Why this not work with Google_Client refresh ?

2
phpsymfonygoogle-apigoogle-api-php-clienthwioauthbundle
what's a getGoogleId? Client id is the client id from google developer console the one used to create the refresh token you are using. - DaImTo
If you've not seen this thread, yet, it looks like they consider refreshing tokens a lower priority for that bundle: github.com/hwi/HWIOAuthBundle/issues/457 So, a total plug and play solution, this is not. - Cameron Hurd

2 Answers

2
votes

In oauth2.0 to refresh an expired access token you need to send to the endpoint :

  • a grant type equals to 'refresh_token'
  • a valid refreshToken
  • your clientId
  • and your clientSecret

You can't send an expired accessToken to get a new refreshed accessToken. 

public function refreshAccessToken($refreshToken, array $extraParameters = array())
{
    $parameters = array_merge(array(
        'refresh_token' => $refreshToken,
        'grant_type' => 'refresh_token',
        'client_id' => $this->options['client_id'],
        'client_secret' => $this->options['client_secret'],
    ), $extraParameters);
    $response = $this->doGetTokenRequest($this->options['access_token_url'], $parameters);
    $response = $this->getResponseContent($response);
    $this->validateResponseContent($response);
    return $response;
}

function refreshAccessToken($refreshToken, ...

and not $accessToken

I think you need to call after construct your client with your credentials

$client = new Google_Client();
$client->setAuthConfig('client_secrets.json');
$client->refreshToken($client->getRefreshToken());

https://developers.google.com/api-client-library/php/auth/web-app#creatingcred

Are you sure of your $client->setClientId($this->user->getGoogleId()); ? What is getGoogleId() ? I think you need also to create a oauth client id : https://developers.google.com/identity/sign-in/web/devconsole-project

In oauth client_id is not the user id but the app id

-2
votes

Sorry to upset you amigo, but it looks like that package doesn't implement any Refresh Token functionality. Or it's left up to you.

Here's the open issue in their GitHub, have a look: https://github.com/hwi/HWIOAuthBundle/issues/457

Here's a comment from the issue:

This feature exists, yet there is no easy use for it as you need to do everything on your own (dealing with storing more details about token, detecting the expiration, calling Google to get new token, and replacing old), only help from this bundle for now, it's code that allows you to ask Google for new fresh token: GenericOAuth2ResourceOwner::refreshToken(), it should work as expected, but I have not used this bundle for long time =)

People in there are waiting on a Gist (snippet of code) to show them how to do this, but so far nothing.