Storing and Retrieving Tokens from a Database


kolyn77

Jun 3, 2012, 7:27:01 PM
to google-api...@googlegroups.com
http://code.google.com/p/google-api-php-client/wiki/UsingTheLibrary  indicates: "Do note you should replace the session storage of the OAuth key with a real storage (on disk, in your mysql database, etc) before releasing your app."

Can you provide an example of where exactly in the code this storage and retrieval should take place?  What field should we use to identify the user (i.e. what info will we have access to when they login via OAuth 2.0 in order to look up the correct token)?  Is the refreshToken the only other field we need to store?

Any existing example within the google-api-php-client would be fine to show where this storage and retrieval should happen.

I really appreciate any help you can offer!  I can handle the MySQL end, but OAuth is still a bit new to me...

Harsha M V

Jun 4, 2012, 2:44:36 AM
to google-api...@googlegroups.com
I am also wondering the same thing.
Why should we store the token in the DB? Doesn't it change on every session?

Aurelien D

Jun 4, 2012, 3:20:01 AM
to google-api...@googlegroups.com
Just put the refresh_token in session, using the API, it gives you access to the access token and an expiry time. What I do is to put the refresh token in the DB and the expiry time of the access token, which is saved in SESSION. When I need an access token, I check in the DB if we are beyond the expiry time; in this case I use the refresh token to get a new access token with a new expiry time (I put the last in DB and the former in SESSION). In the other case, I use the access token which should be in SESSION. If not, I get a new one with the refresh token. It is maybe also possible to put the access token in the DB in certain cases.

Regards,

Aurélien


Harsha M V

Jun 4, 2012, 3:27:13 AM
to google-api...@googlegroups.com
What's the usual expiry time of the token?


Aurelien D

Jun 4, 2012, 3:56:31 AM
to google-api...@googlegroups.com
When the authorization has been done by the user once with the offline access type, it sends you back a JSON object:

[access_token] => ya29.AHwfdqdfkzjED92k98mf_KKtxxxxxxxxxx
[token_type] => Bearer
[expires_in] => 3600
[refresh_token] => 1/n2nhssssCg8JHyjO8b27xxxx
[created] => 1338796314
I changed the data I got back with my account. Put the refresh token in the DB. The expiry time is the timestamp:
[created] timestamp + 3600: this is what I put in the DB also, but you can also use the refresh token each time, though it will take a little bit longer to get the access token; it is better to know if you need it or not.

Aurelien D

Jun 4, 2012, 4:11:45 AM
to google-api...@googlegroups.com
You can also play here:


It is a great help to understand how it works.

Aurel


Harsha M V

Jun 28, 2012, 2:21:17 AM
to google-api...@googlegroups.com
I am sorry, but if you can help me understand how I can gain access to a user's data while he is offline it would be great. I have stored the refresh token in the database and am passing it to the client object to get me a new access token, but I get the following error.

Error refreshing the OAuth2 token, message: '{ "error" : "unauthorized_client" }'


Can you share the basic logic code on how to handle it?

 

Chirag Shah

Jun 28, 2012, 11:05:40 AM
to google-api...@googlegroups.com
There's a basic example for saving the refresh token in a database here:

You will typically get the error "unauthorized_client" if you used a different client_id to originally obtain the refresh token.
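
The flow described in this thread, as an added example that is not part of any post or of google-api-php-client: the refresh token and the expiry time live in the database, keyed by user and by the client_id that obtained the grant, and the access token lives in the session. The table, the function names, the `$refresh` callable (a stand-in for the library call that exchanges a refresh token) and all sample values are assumptions.

```php
<?php
// Added example: table, column and function names are hypothetical.
function openStore(): PDO {
    $db = new PDO('sqlite::memory:'); // constructed demo DB; use your MySQL DSN
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE oauth_tokens (
        user_id TEXT NOT NULL, client_id TEXT NOT NULL,
        refresh_token TEXT NOT NULL, expires_at INTEGER NOT NULL,
        PRIMARY KEY (user_id, client_id))');
    return $db;
}

// Run once, when the offline-access consent returns the token array.
function saveGrant(PDO $db, string $userId, string $clientId, array $token): void {
    $stmt = $db->prepare('REPLACE INTO oauth_tokens VALUES (?, ?, ?, ?)');
    $stmt->execute([$userId, $clientId, $token['refresh_token'],
                    $token['created'] + $token['expires_in']]);
}

// $refresh is a stand-in for the library call that exchanges a refresh token.
function getAccessToken(PDO $db, array &$session, string $userId,
                        string $clientId, callable $refresh): string {
    $stmt = $db->prepare('SELECT refresh_token, expires_at FROM oauth_tokens
                          WHERE user_id = ? AND client_id = ?');
    $stmt->execute([$userId, $clientId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { // nothing issued to this client_id: re-run consent
        throw new RuntimeException('no refresh token for this user and client_id');
    }
    // Reuse the session copy until 60 s before the stored expiry.
    if (isset($session['access_token']) && time() < (int)$row['expires_at'] - 60) {
        return $session['access_token'];
    }
    $new = $refresh($row['refresh_token']);
    $upd = $db->prepare('UPDATE oauth_tokens SET expires_at = ?
                         WHERE user_id = ? AND client_id = ?');
    $upd->execute([$new['created'] + $new['expires_in'], $userId, $clientId]);
    return $session['access_token'] = $new['access_token'];
}

// Constructed demo: a grant that has already expired and a fake refresh endpoint.
$db = openStore();
$session = [];
saveGrant($db, 'user-42', 'client-A', ['refresh_token' => 'constructed-refresh',
    'created' => time() - 7200, 'expires_in' => 3600]);
$fake = fn(string $rt): array => ['access_token' => 'constructed-access',
    'created' => time(), 'expires_in' => 3600];
echo getAccessToken($db, $session, 'user-42', 'client-A', $fake), "\n"; // refreshes
echo getAccessToken($db, $session, 'user-42', 'client-A', $fake), "\n"; // session copy
```

The refresh token is a long-lived credential, so in a real table restrict who can read that column or encrypt it at rest.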