google-api-php-client: Refresh token doesn't get returned in $client->fetchAccessTokenWithRefreshToken($refreshToken)
While running this example
https://developers.google.com/sheets/quickstart/php
I noticed after the AccessToken expires it uses refresh_token to fetch a new token however it returns creds without the refresh_token included. As a result, subsequent attempts to fetch a new accessToken (after the expire) fail because the refresh_token is not saved and thus not able to be passed back to fetchAccessTokenWithRefreshToken again.
Should this be reinserted back into the creds?
/vendor/google/apiclient/src/Google/Client.php 2016-09-27 15:13:43.178769896 -0700
@@ -271,6 +271,7 @@
$creds = $auth->fetchAuthToken($httpHandler);
if ($creds && isset($creds['access_token'])) {
$creds['created'] = time();
+ $creds['refresh_token'] = $refreshToken;
$this->setAccessToken($creds);
}
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Reactions: 6
- Comments: 19 (3 by maintainers)
Besides
$client->setAccessType('offline');
Need to include force prompt to Google return the refresh token:$client->setApprovalPrompt('force');
Works for me.The initial oauth sequence must include the line of code below - $client->setApprovalPrompt(‘force’);
Without this, when accessToken expires, there will be no refreshToken available - the getRefreshToken() function will return null, which in turn causes fetchAccessTokenWithRefreshToken to fail.
I don’t know if this setApprovalPrompt setting is a legitimate requirement of what I’m trying to do, or relates to an issue elsewhere within the Google Client PHP API. I just know it fixes the problem of the various quickstart.php samples published by Google that fail to refresh expired access tokens.
In case the behavior was intentionally changed, then the documentation/quickstart needs to be updated accordingly, otherwise everybody will be induced to this mistake…
Be sure to add
$client->setAccessType('offline');
. I’ve also came across this ‘error’@LetterboxDelivery is right - the refresh token is only delivered the first time an application is authorized.
We could add the refresh token back to the in-memory access token, but this is not a guaranteed fix, as the access token can be cached at the auth level. I do think it would be an improvement, however.
I was also seeing the same problem with offline access.
However it looks like we actually needed to store the original refresh_token given to us at first authorisation to be reused later on. I had assumed a new refresh_token would be generated so kept overwriting the returned access token data stored in the DB.
I am now simply appending the original refresh_token back into the access token array and storing it again.
After set $client->setAccessType(‘offline’); $client->setApprovalPrompt(‘force’); Don’t forget to delete your previous credential token.
It looks like a member of our great community answered your questions. Thanks Community! Please feel free to reopen if you have any more questions.