I setup a new key for Public API access for a server application under my the APIs & auth > Credentials screen on the Google Developers Console.
Doing a YouTube data api request just stopped working and as a last ditch effort I regenerated the key. Now I'm seeing that the status row now states that it will be active until 1 day in the future. Why? I want this key to be active forever.
Is this Google's way of forcing me to use oAuth on a server app?
When using OAuth 2.0 you'll go through the OAuth flow and end up with an Access token and a Refresh token.
The Access token is short-lived and will expire relatively quickly. The Refresh token is long-lived and might expire in a year, or maybe never.
You can Refresh your Access token and use the new token that you receive:
Check here for documentation
Related
On my localhost, I have authenticated my user and goten a Refresh Token and Access Token using Passportjs.
I am using Google's Official Node.js library to get the Google Analytics data and it all seems to work fine.
On this GitHub issue, Justin clearly mentions that the expiry is set by Google's APIs.
How long is the refresh_token valid and at what time do i have to authorize myself again?
This is more of an Oauth2 question then a Google Analytics question.
Access tokens on google servers are good for one hour.
The refresh token does not expire and you can use it as many times as you want to request a new access token.
You should still handle invalid refresh tokens in your code. The user can revoke your access via there Google account. You can have max 50 out standing refresh tokens before the first one starts working. If i authenticate your application you will be given a refresh token if i do it again you get another refresh token there can be max 50 of them outstanding.
If the refresh token does become invalid you should just request authentication from your user again. The library you are using should be handling refreshing the access token for you.
I'm trying to access my Table in Azure App Service when user has an authentication. I use server side auth with Facebook. Once the user authenticated, the token was saved into my Setting class, as this post do. Whenever the user come back to App, I want user use their cached token to connect to the table in Azure App Service. How is the best approach to achieve this?
1) Implement client-side authentication with the Facebook SDK. The token provides by Facebook is long-lived (something like 60 days), so you can store it in a private store. I cover private stores in chapter 2 of the ZUMO Book at http://aka.ms/zumobook
2) When you open the app, use the stored token to get a ZUMO token. This is short lived - 1 hour. You can store this too, but it's a waste of time since you can use the unexpired Facebook token to get a new one.
3) Implement an Authentication Refresh process via a delegating handler - I describe that in the ZUMO book too.
You still need to configure Azure App Service Authentication to understand and validate your facebook token (also covered in the book!)
I am working for a course work that needs to console the new release albums, and I try to get OAuth Token in the API console, However it can only run short time, after half hour it does work.
How to gain a long term OAuth Token for it ?
The access tokens issued by the Spotify Web API have an expiration time of 1 hour. If you implement the Authorization Code flow you will get an additional refresh_token that you can use to obtain a new access token when the current one expires.
I recommend you to read the Spotify Web API Authorization Guide to get an overview of the OAuth 2.0 authorization framework, and also the beginner's tutorial that shows how to implement the authorization code flow step by step.
I'm playing around with the api of a service that supports oauth. I managed to retrieve the access_token from the service and I'm now able to call the various endpoints of the api. So far so good.
Now my question is: How long do I hold on to this access_token I received. Is this a token I keep forever, or does this expire after some time? I'm working on a desktop app, so I a have two options:
I request a new token every time the application is opened
I store the token somewhere and re-use it
What are the best practices around the storage of this token?
Usually the Access Token is stored across sessions. There is an expiration (with OAuth 2.0), but the Refresh Token is then used to retrieve a new Access Token. If you don't store the tokens, then you would need to have the end user re-authorize everytime they want to use your application (which is probably not the experience you are looking for).
I'm currently using OAuth 2.0 to access the Google API. From my understanding, I should use the returned refresh token to renew the access token. Should this be refreshed before it expires or should it be when the user requests data from the api using an access token that has expired?
If it should be done before it expires, should I just be running a cron job to update out of date tokens?
I'm using node.js and mongodb, if that has any bearing on the recommended solution.
Thanks a lot!
It should be seamless.
When the user requests data from the API using an access token that has expired, this should trigger your framework to fail, renew, then retry.
No need for any cron jobs or stuff like that in the apps i've created.