[Google Core] How to recycle the refresh token?
Question
Forge component by Labs
Application Type
Mobile

Hello Everyone,

We are using the Google Login Plugin and the Google Core component to access the Google Calendar API. 

After an user logins via Google, our code invokes the GoogleCore\GetAccessToken public server action every time it needs to access the Calendar API in order to retrieve a valid access token. In this server action we can see that, if the token is expired, the code tries to re-validate it using a refresh token stored in the UserGoogle entity.

We are now facing an issue which occurs when, for some reason, the access token gets revoked. This may happen, for example, if :

  • The user accidentally removes access from our app to his/her Google account
  • The user changes his/her Google account password

From this point on, it is no longer possible to access the Google API for that user (not even if he/she logs in again). This is so because, once the 1st refresh token is retrieved, it is never recycled.

Is my analysis correct? Do you know any way to overcome this issue without applying a fix directly to the GoogleCore module?

Thank you for your time,

Rui

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.