Does the javascript client library use the same OAuth interface under the covers?
54 views
Skip to first unread message
Giles Roadnight
Feb 5, 2016, 3:43:14 AM2/5/16
to Google API JavaScript Client
Hi All
As a learning experiment I have already implemented a javascript app that uses OAuth to authorise access to Google api. It uses the client only path as detailed here:
I got it all working fine but using the client only path with no secret key it seemed impossible to refresh the access token without showing the grant access popup again.
If the google written client library uses the same api under the covers I was wondering how it manages to refresh the token?
Many Thanks
Kurt Freytag
Feb 29, 2016, 5:48:56 PM2/29/16
to Google API JavaScript Client
Giles -
A very late response to your query. If you are still having issues, you could take a look at an npm module I recently published. It uses the REST API to handle token validation and refresh:
- Kurt
Giles Roadnight
Mar 3, 2016, 2:54:12 AM3/3/16
to Google API JavaScript Client
Thanks for the response but that code doesn't actually log in at any point does it. I assume that you give it an access token and refresh token from elsewhere. My point was that using the client only authorisation method you don't get a refresh token so you can't refresh.
--
You received this message because you are subscribed to a topic in the Google Groups "Google API JavaScript Client" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-api-javascript-client/_o9QtbsHZKU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-api-javascrip...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Kurt Freytag
Mar 3, 2016, 2:01:39 PM3/3/16
to Google API JavaScript Client, gi...@roadnight.name
Giles -
I misunderstood your implementation.
As you've implemented this entirely on the client, you're right. There is (AFAIK) no way to refresh the access token once it expires without showing the access popup again.
The only way to get by this is to create a server-side component and do the refreshing there on behalf of the account owner. Sorry.
- Kurt
To unsubscribe from this group and all its topics, send an email to google-api-javascript-client+unsub...@googlegroups.com.
Giles Roadnight
Mar 3, 2016, 2:59:33 PM3/3/16
to Google API JavaScript Client
Yeah, I had got to that points already. I am trying to avoid a server side component even though the implementation is trivial hosting and deployment and so on is more complicated.
I'll have to put together a little node server to do this for me at some point but for now I am just having to refresh manually....
Thanks for your response anyway. Google has been little to no help on this.
On Thu, Mar 3, 2016 at 7:01 PM Kurt Freytag <ku...@freytag.com> wrote:
Giles -I misunderstood your implementation.As you've implemented this entirely on the client, you're right. There is (AFAIK) no way to refresh the access token once it expires without showing the access popup again.The only way to get by this is to create a server-side component and do the refreshing there on behalf of the account owner. Sorry.- Kurt
On Wednesday, March 2, 2016 at 11:54:12 PM UTC-8, Giles Roadnight wrote:Thanks for the response but that code doesn't actually log in at any point does it. I assume that you give it an access token and refresh token from elsewhere. My point was that using the client only authorisation method you don't get a refresh token so you can't refresh.
On Mon, Feb 29, 2016 at 10:48 PM Kurt Freytag <ku...@freytag.com> wrote:
Giles -A very late response to your query. If you are still having issues, you could take a look at an npm module I recently published. It uses the REST API to handle token validation and refresh:- Kurt--
On Friday, February 5, 2016 at 12:43:14 AM UTC-8, Giles Roadnight wrote:Hi AllAs a learning experiment I have already implemented a javascript app that uses OAuth to authorise access to Google api. It uses the client only path as detailed here:I got it all working fine but using the client only path with no secret key it seemed impossible to refresh the access token without showing the grant access popup again.If the google written client library uses the same api under the covers I was wondering how it manages to refresh the token?Many Thanks
You received this message because you are subscribed to a topic in the Google Groups "Google API JavaScript Client" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-api-javascript-client/_o9QtbsHZKU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-api-javascrip...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "Google API JavaScript Client" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-api-javascript-client/_o9QtbsHZKU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-api-javascrip...@googlegroups.com.
Kurt Freytag
Mar 3, 2016, 3:22:51 PM3/3/16
to google-api-jav...@googlegroups.com
Yeah. The documentation on Google’s site (and the community / how-I-did-it documentation) is woefully inadequate to figuring out how this stuff works.
Kurt Freytag
Mar 4, 2016, 2:00:21 PM3/4/16
to Google API JavaScript Client, gi...@roadnight.name
Giles -
I was thinking about this a little bit.
I don't know what your performance requirements are, but you *could* implement this with AWS' API Gateway and Lambda (no provisioned box needed). Use Serverless or another framework to make it easier on yourself.
- Kurt
To unsubscribe from this group and all its topics, send an email to google-api-javascript-client+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "Google API JavaScript Client" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-api-javascript-client/_o9QtbsHZKU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-api-javascript-client+unsub...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages