[Google Core] How to recycle the refresh token?

Back to Forums

Rui Lopes

Question

Mobile

Forge

Application Type

Mobile

Hello Everyone,

We are using the Google Login Plugin and the Google Core component to access the Google Calendar API.

After an user logins via Google, our code invokes the GoogleCore\GetAccessToken public server action every time it needs to access the Calendar API in order to retrieve a valid access token. In this server action we can see that, if the token is expired, the code tries to re-validate it using a refresh token stored in the UserGoogle entity.

We are now facing an issue which occurs when, for some reason, the access token gets revoked. This may happen, for example, if :

The user accidentally removes access from our app to his/her Google account
The user changes his/her Google account password

From this point on, it is no longer possible to access the Google API for that user (not even if he/she logs in again). This is so because, once the 1st refresh token is retrieved, it is never recycled.

Is my analysis correct? Do you know any way to overcome this issue without applying a fix directly to the GoogleCore module?

Thank you for your time,

Rui

25 Feb 2021

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.

See the full guidelines