OAuth user authentication and session logging with Google Cloud

[Vi]

I am using Google Application Engine to host a web application and Google Cloud Storage to host documents.

I would like to keep track of:

• User authentication (performed via OAuth API, in particular based on passport.js);
  
• User token expiration (to keep track of the active sessions);
  
• User interaction with the storage API to monitor their actions.
  

Is it possible to tune Stackdriver for this purposes? And how? Is there a specific guide I can follow?

[Jordan (Cloud Platform Support)]

You can enable Stackdriver Audit Logging to have Data Access logs recorded for the supported list of products. As for token expiration, by default OAuth tokens typically expire after 60 minutes (unless you specify otherwise during token creation). If you are using passport.js to handle OAuth for you than you would need to reference their documentations on the expiration time and on how to retrieve the time left to expiration. 

If your application is the one performing the OAuth requests and the Google Cloud Storage API requests, than you can easily add a line of code before or after that creates a Stackdriver log every time your application performs these requests. You can then easily know all of the OAuth and Storage activity, and know the times of every OAuth token creation time (and from that know when it expires). 

You can even have your application save this information to a database like BigQuery instead of Stackdriver Logging for more advanced reporting and querying of this data. Ideally it is always best to log the information that is important to you directly from your application, and have your clients interface with your application.