Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

accountmanager refresh token(offline access)

I use google login through account manager in my android app. I can get accesstoken which I send to server and server can create/login new user. Accesstoken is valid only 3600seconds. Problem is that server can not update user's info after this time expires. Web app requires check user's info periodically.

How can I get authentication token and refresh token from android account manager so than server can use refresh token to update data periodically? I don't want use login through webview in android app.

Thanks

like image 608
Martin Vandzura Avatar asked Mar 26 '13 16:03

Martin Vandzura


People also ask

How do I refresh my personal access token?

To refresh your access token as well as an ID token, you send a token request with a grant_type of refresh_token . Be sure to include the openid scope when you want to refresh the ID token. If the refresh token is valid, then you get back a new access and the refresh token.

Can refresh token be used as access token?

Once they expire, client applications can use a refresh token to "refresh" the access token. That is, a refresh token is a credential artifact that lets a client application get new access tokens without having to ask the user to log in again.

How do you refresh token after it expires?

If a refresh token expires for any reason, then the only action the application can take is to ask the user to log in again, starting a new OAuth flow from scratch, which will issue a new access token and refresh token to the application.

What happens if someone steals refresh token?

If the refresh token becomes compromised, it is less likely to be valid, preventing an unauthorized user from gaining access to secure resources.


2 Answers

This is now possible: https://developers.google.com/+/mobile/android/sign-in#server-side_access_for_your_app

You request a one-time authorisation code, send it to your server and your server exchanges it for an access token and refresh token.

like image 103
ade Avatar answered Sep 30 '22 16:09

ade


Currently you can't, which I'm sure is not the answer you're hoping for, sorry about that! If you have a web sign in, you can use the hybrid flow to get a refresh token on the server as well (see https://developers.google.com/+/web/signin/server-side-flow), but there's no way of retrieving a code as part of the Android or iOS flows.

If this is something that you need for you use case, could you file a feature request on here: https://code.google.com/p/google-plus-platform/issues - we are actively looking at the number of stars on that to gauge demand for various features.

like image 21
Ian Barber Avatar answered Sep 30 '22 15:09

Ian Barber