OAuth v2 (Google API) expiry Access Token


Solution 1

Access tokens typically expire after 60 minutes. If you have a refresh token you can use the refresh token to get a new (valid) access token.

This doc explains how to do that:
https://developers.google.com/accounts/docs/OAuth2WebServer#refresh

To answer your overarching question, yes, you are approaching everything correctly. All you need to do is handle the case where the access token has expired by refreshing it. Also, when you originally requested the access token the response should tell you how long it's valid for, so you should only refresh that token if it's expired.

Solution 2

You can use refresh tokens to keep access working for longer. Refresh tokens issued by the Google Auth server never expire, but a token might stop working for one of these reasons:

• The user has revoked access.
• The token has not been used for six months.
• The user changed passwords and the token contains Gmail scopes.
• The user account has exceeded a certain number of token requests.

There is currently a limit of 50 refresh tokens per user account per client. If the limit is reached, creating a new token automatically invalidates the oldest token without warning. This limit does not apply to service accounts.

from: https://developers.google.com/identity/protocols/OAuth2
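The refresh flow from Solution 1 (only refresh once the announced `expires_in` has run out) and the failure mode from Solution 2 (a refresh token that has been revoked, unused for six months or evicted by the 50-per-client limit) can be put into one small batch-friendly helper. This is an added example, not code from the question, the answers or Google; the token endpoint and the `refresh_token` grant parameters follow Google's documented refresh request, while the client credentials are placeholders and the HTTP transport and clock are injectable so the example can be exercised offline. Google answers a refresh with an unusable refresh token with an `invalid_grant` error, which is the condition that needs a human to re-authorize.

```python
"""Refresh a Google OAuth 2.0 access token from a stored refresh token.

Added example (not from the original page). Endpoint and parameter names are
Google's documented refresh grant; CLIENT_* values below are placeholders.
"""
import json
import os
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
LEEWAY_SECONDS = 60  # refresh slightly before the announced expiry


class ReauthorizationRequired(Exception):
    """The refresh token itself no longer works (revoked, idle for six months,
    evicted by the 50-tokens-per-client limit, ...). A human must re-consent."""


def build_refresh_request(client_id, client_secret, refresh_token):
    """Form-encoded body of the refresh request, per Google's OAuth 2.0 docs."""
    return urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
        "grant_type": "refresh_token",
    }).encode()


def http_post(url, body):
    """Default transport: a real HTTPS POST. Returns (status, response text)."""
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


class TokenManager:
    """Hands out a valid access token, refreshing only when it has expired."""

    def __init__(self, client_id, client_secret, refresh_token,
                 post=http_post, clock=time.time):
        self.client_id = client_id
        self.client_secret = client_secret
        self.refresh_token = refresh_token
        self.post = post          # injectable for offline testing
        self.clock = clock        # injectable for deterministic expiry tests
        self.access_token = None
        self.expires_at = 0.0     # epoch seconds at which the token expires
        self.refresh_count = 0

    def is_expired(self):
        """True if there is no token or it expires within LEEWAY_SECONDS."""
        return (self.access_token is None
                or self.clock() >= self.expires_at - LEEWAY_SECONDS)

    def get_access_token(self):
        """Return a usable access token, refreshing it only if necessary."""
        if self.is_expired():
            self._refresh()
        return self.access_token

    def _refresh(self):
        body = build_refresh_request(self.client_id, self.client_secret,
                                     self.refresh_token)
        status, text = self.post(TOKEN_ENDPOINT, body)
        payload = json.loads(text)
        if status != 200:
            # invalid_grant is Google's answer for a revoked/expired refresh
            # token; anything else (quota, network) may be retried later.
            if payload.get("error") == "invalid_grant":
                raise ReauthorizationRequired(
                    payload.get("error_description", "refresh token rejected"))
            raise RuntimeError(f"token refresh failed: {status} {text}")
        self.access_token = payload["access_token"]
        # expires_in is the lifetime in seconds announced by the server
        self.expires_at = self.clock() + int(payload.get("expires_in", 3600))
        self.refresh_count += 1


if __name__ == "__main__":
    # Unattended use: credentials come from the environment, never from code.
    manager = TokenManager(os.environ["CLIENT_ID"], os.environ["CLIENT_SECRET"],
                           os.environ["REFRESH_TOKEN"])
    print(manager.get_access_token())
```

In a cron-driven job the `TokenManager` is created once per run and `get_access_token()` is called before every API request; the refresh token (and client secret) should live in a secrets store or restricted environment variables, not in the job definition. A `ReauthorizationRequired` exception should stop the job and alert an operator, since no amount of retrying will produce a new access token once the refresh token is gone.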

Author: gxvigo

Updated on April 17, 2020

Comments

  • gxvigo
    gxvigo about 4 years

    I am building an integration component using a graphical framework which has a pre-built OAuth2 connector. This framework requires the following fields for OAuth v2:

    • Grant type
    • Scope
    • Auth Server URL
    • Client Id
    • Client Secret
    • Access Token
    • Refresh token

    I need to get data from the Google Analytics API, so I went to the Google Dev Console (https://console.developers.google.com/project/927890000889/apiui/credential). I generated a 'Client ID for web application'. From the parameters of this object I was able to fill some of the fields above:

    • Grant type : 'authorisation_code'
    • Client Id : 'RANDOMCHARSam5o37nsiu730d.apps.googleusercontent.com'
    • Client Secret : 'RANDOMCHARSiSwBA5OH5qYLUa'

    Then using the Google OAuth Playground (https://developers.google.com/oauthplayground) I was able to fill in the missing bits.

    Everything works fine, I am authorised to access and I get data from Google Analytics, but just for a while; after a few minutes, if I retry, I receive an authorisation failure error. I believe that the problem is related to the expiration of the Access Token, but I don't know how to solve that. Worth mentioning that this activity is batch (no human interaction), so nobody can request a new access token. The integration framework is not extensible (I cannot write code to renew the code), so I believe there's a way to get an access token that never expires or some other mechanism to achieve the same result.

    Bottom line, I am not sure if I approached the requirement correctly since the beginning (Client ID for web application).

    Any help is much appreciated, Giovanni

  • gxvigo
    gxvigo over 9 years
    Hey Filip, thanks for helping out. I had a look at the link you gave me. My understanding is that, while the access_token expires, the refresh_token does not. So once the access_token is expired, if I send a request with the refresh_token, Google's OAuth implementation sends me back a new access_token that I can use to access the resource (in my case, authenticate to the Google Analytics API). Is my understanding correct? Cheers, Giovanni
  • Philip Walton
    Philip Walton over 9 years
    Yes that's exactly right. Keep in mind that it is possible for the refresh token request to fail. This will happen in cases where the original authorizer revokes access, but if you're the original authorizer then obviously you don't have to worry about this.
  • Naveen - நவீன்
    Naveen - நவீன் over 7 years
    Can we request as many access tokens as we want with the refresh token? So I can use it permanently with one-time user access? Is that right?
  • Omer
    Omer over 7 years
    @PhilipWalton Your answer helped me a lot. Can we add the email and password of a Gmail account like our own? Because the application I'm working on is an automated script which will run every 24 hours through a cronjob on a server. So there is no user interaction there. But in testing, the authentication prompted me to select a Gmail account to authenticate.
  • Nagy Istvan
    Nagy Istvan over 6 years
    Hey guys! The docs changed and I can't find any code how to refresh an expired access token... Can anybody help?
  • Dilini
    Dilini over 6 years
    Follow "Retrieving the Access Token and Refresh Token" section in the below blog to see how to refresh the access token dillysadventures.blogspot.com/2017/11/…
  • Teddy
    Teddy over 5 years
    Thanks! This is valuable info - "There is currently a limit of 50 refresh tokens per user account per client. If the limit is reached, creating a new token automatically invalidates the oldest token without warning. This limit does not apply to service accounts."