0
votes

I need help with the refresh token in my application.

I have built an application in VB.NET with the Google Calendar API and an "OAuth 2.0 client ID".

I gave this application to 10 teams of people, each team made up of three or four people. Every team shares a calendar (set, read, change, delete events).

An "OAuth 2.0 client ID" credential was also created for every user account, without publishing the application, but every person's token needs a refresh every 7 days and I don't like this.

Since I can't force all of them to publish the application, is there a way to avoid this renewal?

Another question: is it possible to connect with an API key instead of an "OAuth 2.0 client ID"? If so, can I do the same things in the calendar (set, read, change, delete events)?

That's my connection:

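Imports System.IO
Imports System.Threading
Imports Google.Apis.Auth.OAuth2
Imports Google.Apis.Calendar.v3
Imports Google.Apis.Util.Store

Dim credentials As UserCredential
Dim CalendarScopes() As String = {CalendarService.Scope.Calendar, CalendarService.Scope.CalendarEvents}

' Load the OAuth client secrets and run (or reuse) the user's consent; the token is cached in the FileDataStore folder.
Using stream As New FileStream("C:\Test\credentials.json", FileMode.Open, FileAccess.Read)
    credentials = GoogleWebAuthorizationBroker.AuthorizeAsync(GoogleClientSecrets.FromStream(stream).Secrets, CalendarScopes, "user", CancellationToken.None, New FileDataStore("C:\Test\token.json", True)).Result
End Using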

1 Answers

1
votes

If you check the OAuth2 documentation under expiration, you will find it states:

A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.

You need to publish your application. Once it's in production, tokens created by your application will no longer expire. Note: everyone doesn't have to publish the application; you, the developer, need to publish your application. This has nothing to do with the users of your application.

API keys

API keys only grant you read access to public data, not private user data. Not public data, and you won't be able to insert or delete it.

Project / app / software

You are a developer; you went to Google Cloud Console and created a project and a client ID for that project.

Then you began to develop your application. Your application then uses the client id to allow users of your app to grant your application consent to access their data.

For your application to create refresh tokens that last longer than seven days, your project in Google Cloud Console must be set to production.

None of the above has anything to do with the users / teams / entities / or groups of people that are running your application.

You have a single application with a single project on Google Cloud Console with a single client ID. It is this that needs to be set to production by you, the developer; it has nothing to do with the users who install your application.

OAuth docs

Native-app

Any application that uses OAuth 2.0 to access Google APIs must have authorization credentials that identify the application to Google's OAuth 2.0 server. The following steps explain how to create credentials for your project. Your applications can then use the credentials to access APIs that you have enabled for that project.

The author of the application should be creating the clients. If anyone else did, it would probably be against Google's TOS. You need to know how the application works and what it was designed to do. No user should be creating client credentials for an application they don't know; this could be a serious security risk to their account.
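One way for the desktop client to recover when its cached refresh token has expired or been revoked, such as the 7-day expiry on a "Testing" project described above. This is an added example, not code from the question or the answer. It assumes the question's file paths and the "user" key, the Google.Apis.Calendar.v3 NuGet package, and that Google's token endpoint rejects a dead refresh token with the OAuth error `invalid_grant`; the module and function names are hypothetical.

```vbnet
Imports System.IO
Imports System.Threading
Imports Google.Apis.Auth.OAuth2
Imports Google.Apis.Auth.OAuth2.Responses
Imports Google.Apis.Calendar.v3
Imports Google.Apis.Util.Store

Module CalendarAuth
    ' Assumed paths and user key, mirroring the question's layout.
    Private Const SecretsPath As String = "C:\Test\credentials.json"
    Private Const TokenDir As String = "C:\Test\token.json"
    Private Const UserKey As String = "user"
    Private ReadOnly Scopes As String() = {CalendarService.Scope.Calendar, CalendarService.Scope.CalendarEvents}

    ' Runs the installed-app flow; reuses the cached token when one exists in the store.
    Private Function Authorize(store As FileDataStore) As UserCredential
        Using stream As New FileStream(SecretsPath, FileMode.Open, FileAccess.Read)
            Return GoogleWebAuthorizationBroker.AuthorizeAsync(
                GoogleClientSecrets.FromStream(stream).Secrets, Scopes, UserKey,
                CancellationToken.None, store).GetAwaiter().GetResult()
        End Using
    End Function

    ' Returns a credential whose refresh token has just been exercised successfully.
    Public Function GetWorkingCredential() As UserCredential
        Dim store As New FileDataStore(TokenDir, True)
        Dim credential As UserCredential = Authorize(store)
        Try
            ' Force a refresh now so a dead refresh token fails here, not in the middle of a calendar edit.
            credential.RefreshTokenAsync(CancellationToken.None).GetAwaiter().GetResult()
        Catch ex As TokenResponseException When ex.Error IsNot Nothing AndAlso ex.Error.Error = "invalid_grant"
            ' Refresh token expired or revoked: make sure only this user's cached token is gone,
            ' then send the user through the consent screen again.
            store.DeleteAsync(Of TokenResponse)(UserKey).GetAwaiter().GetResult()
            credential = Authorize(store)
        End Try
        Return credential
    End Function
End Module
```

Other token errors, such as a wrong client secret, are deliberately not caught, so a misconfigured client fails loudly instead of prompting users for consent in a loop.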