Search code examples
phpgoogle-apigoogle-oauthgmail-apigoogle-api-php-client

How to change the expiration time of a Google Access Token?

I have this code to authenticate the user using oauth 2.0 api in php but I want to change the expiry time of the token usually the token expires in 1 hour but I have to change it to the maximum time I think it is 200 days. how can I achieve that. Any help or suggestion will be appreciated

<?php
  class Connection {
    public function __construct() {
        $this->credentials = "credentials.json";
        $this->client = $this->create_client();
    }

    public function get_client() {
      return $this->client;
    }

    public function get_credentials() {
      return $this->credentials;
    }

    public function is_connected() {
      return $this->is_connected;
    }

    public function get_unauthenticated_data() {
      $authUrl = $this->client->createAuthUrl();
      return "<a href='$authUrl'>Click here to link your account</a>";
    }

    public function credentials_in_browser() {
      if ($_GET['code']) {
        return true;
      }
      return false;
    }

    public function create_client() {
      $client = new Google_Client();
      $client->setApplicationName('Gmail API PHP');
      $client->addScope('https://mail.google.com/');
      $client->setAuthConfig('credentials.json');
      $client->setAccessType('offline');
      $client->setPrompt('select_account consent');
      $tokenPath = 'token.json';
      if (file_exists($tokenPath)) {
          $accessToken = json_decode(file_get_contents($tokenPath), true);
          $client->setAccessToken($accessToken);
      }

      if ($client->isAccessTokenExpired()) {
          if ($client->getRefreshToken()) {
              $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
          } elseif($this->credentials_in_browser()) {
            $authCode = $_GET['code'];
            $accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
            $client->setAccessToken($accessToken);

            if (array_key_exists('error', $accessToken)) {
                throw new Exception(join(', ', $accessToken));
            }
          } else {
            $this->is_connected = false;
            return $client;
          }
          if (!file_exists(dirname($tokenPath))) {
              mkdir(dirname($tokenPath), 0700, true);
          }
          file_put_contents($tokenPath, json_encode($client->getAccessToken()));
      }
      else {}

      $this->is_connected = true;
      return $client;
  }
}
?>
Solution

  • Welcome to the world of Oauth2.

    Access tokens by standard expire after one hour. This is configured by the authorization server that created it. So if you own the authorization server that created it you would have access to change the expiration time.

    Google Access tokens are created by Googles authorization server, Googles access tokens expire after one hour. You do not have access to change this.

    That being said.

    Your code appears to be using offline access and using the refresh token to request a new access token.

    if ($client->getRefreshToken()) {
          $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());

    Refresh tokens are long lived as long as your application is in set to production your refresh token should not expire. Your code will then request a new access token when ever it needs one.

    So technically you dont need to set the access token to 200 days, your refresh token should already be longer then that.

    Note with the gmail api refresh tokens will expire if the user changes their password.