Search code examples
delphioauth-2.0google-contacts-apidelphi-6

Google Contacts token expires

I working with Google Contacts and it going fine. But after an hour I manually need to refresh the granted access. According to this SO question I should be able to update my refresh_token with this call:

refresh_token = requests.post(
  'https://accounts.google.com/o/oauth2/token',
   data={
       'client_id': APP_ID,
       'client_secret': APP_SECRET,
       'refresh_token': refresh_token,
       'grant_type': 'refresh_token',
   }
  )

Which i've translated to this Delphi code

var
  Http: TidHttp;
  URLString: string;
  Req, Resp: TStringStream;
begin
  Http := TidHttp.Create(nil);
  try
    URLString := 'client_id=' + FGoggleContacts.ClientID;
    URLString := URLString + '&client_secret=' + FGoggleContacts.ClientSecret;
    URLString := URLString + '&refresh_token=' + FGoggleContacts.RefreshToken;
    URLString := URLString + '&grant_type=refresh_token';

    Req := TStringStream.Create(URLString);
    Resp := TStringStream.Create('');
    HTTP.DoRequest(Id_HTTPMethodPost, 'https://accounts.google.com/o/oauth2/token', Req, Resp, []);

  finally
    Req.Free;
    Resp.Free;
    Http.Free;
  end;    
end;

but when calling it I get an http/1.1 400 bad request error

So in short how do I keep my connection to Google alive ?

UPDATE

With help from @mjn42 I discovered that I was missing the Content-Type in my request. So I wrote a new method to refresh my tokens:

procedure TGContacts.RefreshTokens;
var
  Http: TidHttp;
  URLString: string;
  Req, Resp: TStringStream;
  JSon: ISuperObject;
begin
  Http := TidHttp.Create(nil);
  Req := TStringStream.Create('');
  Resp := TStringStream.Create('');
  try
    URLString := 'client_id=' + FClientID;
    URLString := URLString + '&client_secret=' + FClientSecret;
    URLString := URLString + '&refresh_token=' + FRefreshToken;
    URLString := URLString + '&grant_type=refresh_token';
    Req.WriteString(URLString);

    HTTP.Request.ContentType := 'application/x-www-form-urlencoded';
    HTTP.DoRequest(Id_HTTPMethodPost, 'https://accounts.google.com/o/oauth2/token', Req, Resp, []);
    if HTTP.ResponseCode = 200 then
    begin
      JSon := SO(UTF8Decode(Resp.DataString));
      FAccessToken := JSon['access_token'].AsString;
      if JSon['refresh_token'] <> nil then
        FRefreshToken := JSon['refresh_token'].AsString;
    end;

  finally
    Req.Free;
    Resp.Free;
    Http.Free;
  end;
end;

I just call that before accessing the API then the tokens don't expire.

Solution

  • According to the specification at https://www.rfc-editor.org/rfc/rfc6749#section-6 the request should use Content-Type: application/x-www-form-urlencoded:

    POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA