Search code examples
gmailnodemailerrefresh-tokenoauth2-playground

How do I deal with refresh token expiring?

I am using Nodemailer and Google Gmail API to send emails to the users of my app, and I`m using OAuth settings to get the token. The thing is that after some days the refresh token expires so I have to go to https://developers.google.com/oauthplayground/ where I must manually generate a new refrehs token and add it to my backend .env

Is there a way to automatize this proccess?? Maybe somthing in my settings is wrong cause I'm quite new as FSD and dont have much experience. Also, maybe there is some other service easier to deal with than Google Gmail, any advice? Thanks in advance! Here is the code of my backend:

require("dotenv").config();
const nodemailer = require("nodemailer");
const { google } = require("googleapis");


const createTransporter = async () => {
  const oAuth2Client = new google.auth.OAuth2(
    process.env.CLIENT_ID,
    process.env.CLIENT_SECRET,
    "https://developers.google.com/oauthplayground"
  );

  oAuth2Client.setCredentials({ refresh_token: process.env.REFRESH_TOKEN });

  const accessToken = await oAuth2Client.getAccessToken();

  const transporter = nodemailer.createTransport({
    service: "gmail",
    auth: {
      type: "OAuth2",
      user: "[email protected]",
      clientId: process.env.CLIENT_ID,
      clientSecret: process.env.CLIENT_SECRET,
      refreshToken: process.env.REFRESH_TOKEN,
      accessToken: accessToken,
    },
  });

  return transporter;
};
Solution

  • Refresh tokens in apps that are still in testing expire after seven days. At that time the users consent is revoked for the app and the refresh tokens are automatically made invalid.

    The fix is to set the project to production then the refresh tokens will stop expiring.

    Oauth2 playground is only intended for testing and development its not meant for permanent use. So tokens generated from that normally expire after a few hours or max three days.

    The solution is to use Oauth2 in your code to request consent of the user, then set your project to in production and store the refresh token locally within your app. Then handle any expired refresh tokens (if the user revokes your access) by requesting authorization again.