oauth-2.0 google-oauth google-api-js-client

google.accounts.oauth2 No refresh token for web client?


I have a web app, basically a bookmarks/links manager, that optionally saves all of its data to a text file on the user's Google Drive. This provides both a backup store and syncs the app's data across the user's browser environments. Since Google is deprecating the older gapi.auth2 library, I need to migrate to use OAuth 2.0.

Currently, after the initial auth flow, the application silently keeps the file in sync. Part of the app's value prop is that you completely own your own data - the code is statically served from GitHub and there is no server. With the new OAuth model it seems my only choice is to use the Implicit Flow mechanism. However, that doesn't support refresh tokens, with the result that every hour I have to ask my user to walk through the multi-step auth flow again.

Is my understanding correct that I either need to stand up a server just to manage the tokens (and break my 'no server' stance) or have this feature of my app rendered essentially useless? Thanks for any help or ideas!


Solution

  • You are correct. The Implicit Flow doesn't refresh the access token automatically. You would need to have a server set up to do so.
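
For reference, an added example (not from the question or the answer) of handling the short-lived access token in a server-less page: the token is cached in memory only, and a new one is requested through the `google.accounts.oauth2` token client once the cached one is near expiry. No refresh token is involved, and whether the user sees a prompt on re-request is decided by Google. `createTokenManager`, `SKEW_MS` and the injected `initTokenClient` parameter are illustrative names, not part of Google's library.

```javascript
// Added example. Illustrative names: createTokenManager, SKEW_MS.
// In the browser, pass (cfg) => google.accounts.oauth2.initTokenClient(cfg)
// as initTokenClient, plus the client ID and scope the app already uses.
const SKEW_MS = 60 * 1000; // assumed safety margin before the stated expiry

function createTokenManager(initTokenClient, clientId, scope, now = Date.now) {
  let cached = null; // { token, expiresAt }; kept in memory, never in localStorage
  let waiting = [];  // callers queued while one token request is in flight

  // Deliver the outcome of a token request to every queued caller.
  const settle = (err, token) => {
    const queue = waiting;
    waiting = [];
    queue.forEach(({ onToken, onError }) => (err ? onError(err) : onToken(token)));
  };

  const client = initTokenClient({
    client_id: clientId,
    scope,
    callback: (resp) => {
      if (resp.error || !resp.access_token) {
        cached = null;
        return settle(new Error(resp.error || 'no access_token in response'));
      }
      // expires_in is a lifetime in seconds, counted from now.
      cached = {
        token: resp.access_token,
        expiresAt: now() + Number(resp.expires_in) * 1000,
      };
      settle(null, cached.token);
    },
    // Fires for non-OAuth failures such as a blocked or closed popup.
    error_callback: (err) => settle(new Error(err.type || 'token request failed')),
  });

  const isFresh = () => cached !== null && now() < cached.expiresAt - SKEW_MS;

  return {
    isFresh,
    // Calls onToken with a usable access token, requesting a new one if needed.
    withToken(onToken, onError) {
      if (isFresh()) return onToken(cached.token);
      waiting.push({ onToken, onError });
      // Start a request only if none is in flight; prompt: '' asks Google to
      // skip the consent screen when access was already granted.
      if (waiting.length === 1) client.requestAccessToken({ prompt: '' });
    },
    forget() { cached = null; }, // e.g. on sign-out
  };
}
```

Call `withToken` from a user action such as a "Sync" button where possible, since the re-request may open a popup that browsers block outside a user gesture.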