To determine when to use a refresh token to ask for a new access token, I'm aware of two approaches (below). Are either of these approaches possible without modifying the passport-google-oauth library?
1) The "pre-emptive" method
2) The "handle failure" method
Thanks. Also welcome any alternatives.
To get a refresh token, you must include the offline_access scope when you initiate an authentication request through the /authorize endpoint. Be sure to initiate Offline Access in your API. For more information, read API Settings.
Once they expire, client applications can use a refresh token to "refresh" the access token. That is, a refresh token is a credential artifact that lets a client application get new access tokens without having to ask the user to log in again.
Step 1 − First, the client authenticates with the authorization server by giving the authorization grant.
Step 2 − Next, the authorization server authenticates the client, validates the authorization grant and issues the access token and refresh token to the client, if valid.
Note that Passport does not actively use the access token or refresh token, other than to fetch the user profile during login. Your application is responsible for using these tokens when making whatever API requests are necessary. As such, you can implement either method you describe; Passport is not involved in the process.
See also: https://github.com/jaredhanson/passport-google-oauth/issues/23
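Both methods from the question can live in application code, outside Passport. The sketch below is an added example, not code from the answer or from passport-google-oauth; `TokenStore`, `refreshFn` and `apiCall` are hypothetical names, and it assumes the application stored the access token, refresh token and expiry time at login.

```javascript
// Added example: TokenStore, refreshFn and apiCall are hypothetical, not Passport APIs.
const SKEW_MS = 60_000; // refresh this long before the stated expiry

class TokenStore {
  // refreshFn(refreshToken) -> Promise<{ access_token, expires_in }>
  constructor({ accessToken, refreshToken, expiresAt }, refreshFn, now = Date.now) {
    Object.assign(this, { accessToken, refreshToken, expiresAt, refreshFn, now });
    this.inflight = null;
  }

  // Single-flight refresh: concurrent callers share one request to the token endpoint.
  refresh() {
    if (!this.inflight) {
      this.inflight = this.refreshFn(this.refreshToken)
        .then((t) => {
          this.accessToken = t.access_token;
          this.expiresAt = this.now() + t.expires_in * 1000;
          return this.accessToken;
        })
        .finally(() => { this.inflight = null; });
    }
    return this.inflight;
  }

  // "Pre-emptive": refresh when the token is expired or about to expire.
  async getToken() {
    if (this.now() >= this.expiresAt - SKEW_MS) return this.refresh();
    return this.accessToken;
  }

  // "Handle failure": call the API, and on a 401 refresh once and retry once.
  async call(apiCall) {
    let res = await apiCall(await this.getToken());
    if (res.status === 401) res = await apiCall(await this.refresh());
    return res;
  }
}

// Refresh against Google's token endpoint (needs Node 18+ fetch and network access).
async function googleRefresh(refreshToken, clientId, clientSecret) {
  const body = new URLSearchParams({
    grant_type: 'refresh_token', refresh_token: refreshToken,
    client_id: clientId, client_secret: clientSecret,
  });
  const r = await fetch('https://oauth2.googleapis.com/token', { method: 'POST', body });
  if (!r.ok) throw new Error(`refresh failed: ${r.status}`); // e.g. revoked refresh token
  return r.json();
}
```

Combining the two covers tokens revoked before their stated expiry; the retry is limited to one attempt so a permanently rejected token does not loop against the token endpoint.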