Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to handle refresh tokens in golang/oauth2 client lib

Tags:

go

oauth-2.0

There are few examples of using https://github.com/golang/oauth2 but none of them covers usage of refresh tokens. I've tried few approaches, but i'm still unsatisfied with my results.

Is there any example code, or maybe you know some project at Github using oauth2 lib to take as example?

like image 411
Andrew Avatar asked Feb 23 '15 22:02

Andrew


People also ask

How do I refresh my client token?

To use the refresh token, make a POST request to the service's token endpoint with grant_type=refresh_token , and include the refresh token as well as the client credentials if required.

How do I get a new refresh token OAuth2?

Because OAuth2 access expires after a limited time, an OAuth2 refresh token is used to automatically renew OAuth2 access. Click the tab for the programming language you're using, and follow the instructions to generate an OAuth2 refresh token and set up the configuration file for your client.

Does refresh token expire in OAuth2?

By default, access tokens are valid for 60 days and programmatic refresh tokens are valid for a year.

Which OAuth grant can support a refresh token?

The Refresh Token grant type is used by clients to exchange a refresh token for an access token when the access token has expired. This allows clients to continue to have a valid access token without further interaction with the user.


1 Answers

You need not bother about refreshing tokens until the time you are storing the Expiry parameter. After getting the 'Token' object, store the following in your database:

token.AccessToken, token.RefreshToken, token.TokenType and token.Expiry

while fetching, construct the token object again using the above parameters:

token := new(oauth2.Token) token.AccessToken = {{ From DataBase }} token.RefreshToken = {{ From DataBase }} token.Expiry = {{ From DataBase }} token.TokenType = {{ From DataBase }} 

and then get your http client:

config.Client(ctx, token)

this will handle refreshing the token. Excerpt (more info: Golang oauth2 client):

Client returns an HTTP client using the provided token. The token will auto-refresh as necessary.

Only downside is, the refreshed access token is not returned. But it works! Google has no restrictions on how many times the refresh token is used.

like image 162
Devaroop Avatar answered Sep 20 '22 01:09

Devaroop