Search code examples
gmailgoogle-oauthgmail-apigoogle-authenticationoauth2client

Gmail auth token expires within an hour

Gmail auth token expires in one hour, is there any way to increase the lifetime of a token up to 24 hours or more? I'm using the following method:

const oAuth2Client = await new google.auth.OAuth2(client_id, client_secret, redirect);
// got the token
oAuth2Client.setCredentials(tokens);
Solution

  • You don't need to increase the token TTL since you have a refresh token

    First of all take a look into one of the Gmail API examples, and see what happens with the refresh token.

    The token expiration time is given by the Google API used that's why you've got a refresh token. As per the Google Identity Platform Documentation says Access tokens have limited lifetimes. If your application needs access to a Google API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens.

    Increasing a token lifetime is not necessary, revoking a token when it's no longer necessary is a good practice. Just make sure you follow the policies that makes your application secure.

    Bear in mind, refresh token might stop working for one of these reasons:

    • The user has revoked your app's access.
    • The refresh token has not been used for six months.
    • The user changed passwords and the refresh token contains Gmail scopes.
    • The user account has exceeded a maximum number of granted (live) refresh tokens.

    Reference

    Using OAuth 2.0 to Access Google APIs

    OAuth 2.0 Policies