In PHP, I'm using the Gmail API to read and remove mails from a generic email address. It's running perfectly but I always need (several times per day) to regenerate a new access token to give access to my script to the mail box, why?
I have specified an Approval Prompt on "force" which is supposed to work forever. Last point, I'm using the Google client library with composer (google/apiclient version 2.0).
Here is my PHP code:
    private function getClient()
    {
        $client = new \Google_Client();
        $client->setApplicationName('My app');
        $client->setScopes(\Google_Service_Gmail::MAIL_GOOGLE_COM);
        $configPath = CONFIG . 'client_secret_123456790.apps.googleusercontent.com.json';
        $client->setAuthConfig($configPath);
        $client->setApprovalPrompt('force');
        $client->setIncludeGrantedScopes(true);
        $client->setLoginHint('email@example.com');
        $client->setAccessType('offline');
        $client->setPrompt('consent');
        $tokenPath = CONFIG . 'token.json';
        if (file_exists($tokenPath)) {
            $accessToken = json_decode(file_get_contents($tokenPath), true);
            $client->setAccessToken($accessToken);
        }
        // If there is no previous token or it's expired.
        if ($client->isAccessTokenExpired()) {
            // Refresh the token if possible, else fetch a new one.
            if ($client->getRefreshToken()) {
                $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
            } else {
                return false;
            }
            // Save the token to a file.
            if (!file_exists(dirname($tokenPath))) {
                mkdir(dirname($tokenPath), 0700, true);
            }
            file_put_contents($tokenPath, json_encode($client->getAccessToken()));
        }
        return $client;
    }
It's running perfectly but I always need (several times per day) to regenerate a new access token to give access to my script to the mail box, why?
Access tokens are only valid for one hour; this is standard for OAuth. You are requesting offline access, so you therefore have a refresh token which can be used to request a new access token from the authentication server.
I have specified an Approval Prompt on "force" which is supposed to work forever.
If you include approval prompt on "force" in your request, then it will force the user to log in again and grant your application consent to the scopes. I have no idea where you got the idea that this causes it to work forever.
You are using OAuth2. Access tokens expire after one hour. Using offline access will give you a refresh token, which you can store and use to request a new access token whenever your access token expires.
You appear to have implemented this already. If it's not working, I suggest you check that the code is being hit and that you have not lost the refresh token somehow.
    $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
I can't find anywhere in your code that you are saving the refresh token when you authenticate the user the first time. You will get a refresh token back; you should store this in a file somewhere, then you can use it to create a new access token the next time you run your script.
    $client->fetchAccessTokenWithRefreshToken("TokenFromFile");
The refresh token is only returned the first time the user authenticates your application or when you add approval prompt force. There should be no reason to overwrite this token unless you haven't used it for more than six months.
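
One way to keep the refresh token across refreshes, as the answer above recommends. This is an added example, not code from the original question or answer: the helper names are hypothetical, and it assumes google/apiclient 2.x is loaded through Composer and that the token file already holds the token from the first consent.

```php
<?php
// Added example. mergeRefreshedToken, saveToken and refreshStoredToken are hypothetical helpers.
// Assumes google/apiclient 2.x is autoloaded via Composer.

/** Carry the stored refresh token over into a refresh response that omits it. */
function mergeRefreshedToken(array $stored, array $fresh): array
{
    if (empty($fresh['refresh_token']) && !empty($stored['refresh_token'])) {
        $fresh['refresh_token'] = $stored['refresh_token'];
    }
    return $fresh;
}

/** Write the token file atomically, readable and writable by its owner only. */
function saveToken(string $tokenPath, array $token): void
{
    $tmp = $tokenPath . '.tmp';
    $old = umask(0077);                        // new file is created as 0600
    file_put_contents($tmp, json_encode($token), LOCK_EX);
    umask($old);
    rename($tmp, $tokenPath);                  // atomic replace on the same filesystem
}

/** Returns false when the user has to go through the consent screen again. */
function refreshStoredToken(\Google_Client $client, string $tokenPath): bool
{
    if (!is_file($tokenPath)) {
        return false;
    }
    $stored = json_decode(file_get_contents($tokenPath), true);
    if (!is_array($stored) || !isset($stored['access_token'])) {
        return false;                          // unreadable or incomplete token file
    }
    $client->setAccessToken($stored);
    if (!$client->isAccessTokenExpired()) {
        return true;                           // still valid, nothing to do
    }
    if (empty($stored['refresh_token'])) {
        return false;                          // nothing to refresh with
    }
    $fresh = $client->fetchAccessTokenWithRefreshToken($stored['refresh_token']);
    if (isset($fresh['error'])) {
        return false;                          // refresh rejected; the old file is left untouched
    }
    $merged = mergeRefreshedToken($stored, $fresh);
    $client->setAccessToken($merged);
    saveToken($tokenPath, $merged);
    return true;
}
```

The token file holds a credential that grants mailbox access for as long as the grant exists, so keep it outside the web root and out of version control.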