How to refresh a client-side Google api access token?

Question

I am using the client-side flow described here: Client-side (JavaScript) applications.

All goes well until the access_token expires. then I get 401/403 responses. What do I need to do? I have tried gapi.auth.authorize and gapi.auth.getToken, but nothing seems to work.

As there is (understandably) no refresh token supplied by the original auth.authorize, I'm not sure what else to do.

Answer 1

The short answer is: You don't refresh the token client-side in JavaScript, the client library does this. The longer version is more complex, but in short, don't store refresh tokens on client-side apps.

To learn more about using the Javascript client library, start here:

https://developers.google.com/+/quickstart/javascript

Answer 2

From the page/section you referenced:

When the token expires, the application repeats the process.

So some of how you handle it depends on how you are implementing and using the client-side flow. In general, you should just need to redirect the user as described at https://developers.google.com/accounts/docs/OAuth2UserAgent?hl=ja#formingtheurl, but it depends on exactly how you are having them do the initial auth.