What to do after access-token expire (3600s)?

[dev....@gmail.com]

I have a client-side web app (no backend) that uses Google Javascript API. I have an issue regarding the access-token that I got after the login is successful.

From the callback, we can see that the access-token is set to expire in 1 hour.

expires_in: "3600"

Question is, how can I "get a new token"? From the documentation, I'm under the impression that after the token is invalid, we have to (and I quote) perform a new re-authorization flow with immediate set to true to get an up-to-date access token.

Source: https://developers.google.com/+/web/api/javascript

However, when I tried to call again the auth method:

gapi.auth.authorize(parameters, callback)

I got the token object, but there's no access-token inside.

{
    client_id: "{my_client_id}.apps.googleusercontent.com"
    cookie_policy: undefined
    expires_at: "1370371466"
    expires_in: "86400"
    g_user_cookie_policy: undefined
    issued_at: "1370285066"
    response_type: "token"
    scope: "https://www.googleapis.com/auth/plus.login https://gdata.youtube.com"
}

Am I missing something? How do we usually get a refreshed token after one expired? Thanks in advance guys.

Cheers!

[paman daffahermawan]

for more info visit http://rewalk.us/2016-roblox-hack