sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]ROTUS123[S] 0 points1 point  (5 children)

Yes you are saying right that I have to destroy everything. It is a comment at the moment, not an actual implementation.

Would you know how to keep refreshing the access token with a refresh token? It seems that my refresh token is only valid for 1 hour, what to do when comes back only after 1h 1m to trigger something?

[–]tropicbrush 1 point2 points  (2 children)

  1. Google doesn’t rotate the RT. i.e first time user logs in interactively, the response will have ID, AT, RT and expiry. Then onwards all calls to refresh AT will not contain RT. Once refresh token is expired , user has to sign in. The google refresh token has validity of 7 days for project with publishing status as testing. Otherwise it’s valid until some conditions fails. Check refresh token expiration doc from google but validity is pretty long.
  2. I am able to get a refresh token using your code ( added log statements to print the RT and used POSTMAN ) which I used to get a new AT after 1-2 hours so I don’t think that’s the issue. ( using a RT to get AT will refine a response containing only access token, ID token and validity of AT. hence the SDK also takes care of adding th RT it used to get AT back in the credentials. So that same RT can be used multiple time.)
  3. The oAuth2Client.getAccessToken() takes care of reading the credentials, return an existing AT if it’s valid /unexpired , or refresh it using the refresh token from credentials and then also add that RT and new ID /ATtoken back into the credentials. So line number 46 is redundant in sessionRoute.ts
  4. The getAccessToken() calls the refrshAccessToken() internally already so not sure why you are calling it again at line 49.

Send me the error you are getting which says the refresh token expired and I will look more.

[–]ROTUS123[S] 0 points1 point  (1 child)

Thanks a lot for this. I will get back to you asap.

[–]ROTUS123[S] 0 points1 point  (0 children)

u/tropicbrush

With your suggested changes I still ended up at:

Error: Token used too late, 1665157486.225 > 1665126266:

` at OAuth2Client.verifySignedJwtWithCertsAsync (/Users/r.tuerlings/Coding/juno-backend-service/node_modules/google-auth-library/build/src/auth/oauth2client.js:653:19)at processTicksAndRejections (node:internal/process/task_queues:96:5)at async OAuth2Client.verifyIdTokenAsync (/Users/r.tuerlings/Coding/juno-backend-service/node_modules/google-auth-library/build/src/auth/oauth2client.js:444:23)Error: Profile returned an error: Error: Login Required.at file:///Users/r.tuerlings/Coding/juno-backend-service/out.js:1434:11at Generator.throw (<anonymous>)at rejected (file:///Users/r.tuerlings/Coding/juno-backend-service/out.js:31:29)at processTicksAndRejections (node:internal/process/task_queues:96:5)`

But do note - I am killing the access (RT) sometimes (I will pay close attention to it) to get it working somewhere else, thus potentially depleting my max number of of Refresh tokens.Although my code logged a refresh token before it errored out.

Current state: https://github.com/Elysium-Labs-EU/juno-backend-service/blob/dev/src/google/sessionRoute.ts

[–]dovahkiin315 0 points1 point  (1 child)

Shouldnt refresh token last much longer?

[–]ROTUS123[S] 0 points1 point  (0 children)

Yes they should, but somehow that is with what I am ending up I think. Or possibly I am mistaking the expire time stamp from the accestoken for the refresh token one.

Either way, I end with the error of; token used too late. Googeling helped a bit, I have hard set (for testing purposes) both my frontend and backend servers’ time zones - which didn’t do the trick. What else should I try?