How to refresh token with Google API client

Question

I ve been playing around with the Google Analytics API  V3  and have run into som errors  Firstly  everything is set up correct and worked with my testing account  But when I want to grab data from another profile ID  Same Google Accont GA Account  I get an 403 Error  The strange thing is that data from some GA accounts will return data whilst other generate this error   I ve revoked the token and authenticated one more time  and now it seems like I can grab data from all of my accounts  Problem solved  Not  As the access key will expire  I will run into the same issue again   If I have understood things right  one could use the resfreshToken to get a new authenticationTooken   The problem is  when I run     client- gt refreshToken refresh token key     the following error is returned   Error refreshing the OAuth2 token  message      error     invalid grant       I   ve checked the code behind the refreshToken method and tracked the request back to the    apiOAuth2 php    file  All parameters are sent correctly  The grant type is hard coded to    refresh token    within the method  so it   s hard for me to understand what   s wrong  The parameter array looks like this   Array    client id    gt         -uqgau8uo1l96bd09eurdub26c9ftr2io apps googleusercontent com  client secret    gt            refresh token    gt  1  lov250YQTMCC9LRQbE6yMv-FiX Offo79UXimV8kvwY  grant type    gt  refresh token     The procedure is as follows    client   new apiClient     client- gt setClientId  config  oauth2 client id      client- gt setClientSecret  config  oauth2 client secret      client- gt setRedirectUri  config  oauth2 redirect uri      client- gt setScopes  https   www googleapis com auth analytics readonly     client- gt setState  offline      client- gt setAccessToken  config  token        The access JSON object    client- gt refreshToken  config  refreshToken        Will return error here   Is this a bug  or have I completely misunderstood something

User · Answer

Google has made some changes since this question was originally posted.

Here is my currently working example.

    public function update_token($token){

    try {

        $client = new Google_Client();
        $client->setAccessType("offline"); 
        $client->setAuthConfig(APPPATH . 'vendor' . DIRECTORY_SEPARATOR . 'google' . DIRECTORY_SEPARATOR . 'client_secrets.json');  
        $client->setIncludeGrantedScopes(true); 
        $client->addScope(Google_Service_Calendar::CALENDAR); 
        $client->setAccessToken($token);

        if ($client->isAccessTokenExpired()) {
            $refresh_token = $client->getRefreshToken();
            if(!empty($refresh_token)){
                $client->fetchAccessTokenWithRefreshToken($refresh_token);      
                $token = $client->getAccessToken();
                $token['refresh_token'] = json_decode($refresh_token);
                $token = json_encode($token);
            }
        }

        return $token;

    } catch (Exception $e) { 
        $error = json_decode($e->getMessage());
        if(isset($error->error->message)){
            log_message('error', $error->error->message);
        }
    }


}

User · Answer

You need to save the access token to file or database as a json string during the initial authorization request  and set the access type to offline  client- gt setAccessType  offline    Then  during subsequent api requests  grab the access token from your file or db and pass it to the client    accessToken   json decode  row  token    true    client- gt setAccessToken  accessToken     Now you need to check if the token has expired   if   client- gt isAccessTokenExpired             access token has expired  use the refresh token to obtain a new one      client- gt fetchAccessTokenWithRefreshToken  client- gt getRefreshToken            save the new token to file or db           json encode  client- gt getAccessToken      The fetchAccessTokenWithRefreshToken   function will do the work for you and provide a new access token  save it back to your file or database

User · Answer

FYI  The 3 0 Google Analytics API will automatically refresh the access token if you have a refresh token when it expires so your script never needs refreshToken    See the Sign function in auth apiOAuth2 php

User · Answer

I used the example by smartcodes with the current version of the Google API  but that one didn t work  I think his API is too outdated   So  I just wrote my own version  based on one of the API examples    It outputs access token  request token  token type  ID token  expiration time and creation time as strings  If your client credentials and developer key are correct  this code should work out of the box    lt  php    Call set include path   as needed to point to your client library  require once  google-api-php-client src Google Client php   require once  google-api-php-client src contrib Google Oauth2Service php   session start      client   new Google Client     client- gt setApplicationName  Get Token       Visit https   code google com apis console api plus to generate your    oauth2 client id  oauth2 client secret  and to register your oauth2 redirect uri   oauth2   new Google Oauth2Service  client    if  isset   GET  code            client- gt authenticate   GET  code           SESSION  token      client- gt getAccessToken         redirect    http         SERVER  HTTP HOST       SERVER  PHP SELF        header  Location      filter var  redirect  FILTER SANITIZE URL        return     if  isset   SESSION  token            client- gt setAccessToken   SESSION  token        if  isset   REQUEST  logout           unset   SESSION  token          client- gt revokeToken        gt   lt  doctype html gt   lt html gt       lt head gt  lt meta charset  utf-8  gt  lt  head gt       lt body gt           lt header gt  lt h1 gt Get Token lt  h1 gt  lt  header gt           lt  php         if   client- gt getAccessToken                    SESSION  token      client- gt getAccessToken                 token   json decode   SESSION  token                 echo  Access Token        token- gt access token     lt br  gt                echo  Refresh Token        token- gt refresh token     lt br  gt                echo  Token type        token- gt token type     lt br  gt                echo  Expires in        token- gt expires in     lt br  gt                echo  ID Token        token- gt id token     lt br  gt                echo  Created        token- gt created     lt br  gt                echo   lt a class  logout  href   logout  gt Logout lt  a gt              else                authUrl    client- gt createAuthUrl                print   lt a class  login  href   authUrl  gt Connect Me  lt  a gt                        gt       lt  body gt   lt  html gt

User · Answer

The answer posted by  uri-weg worked for me but as I did not find his explanations very clear  let me reword it a little   During the first access permission sequence  in the callback  when you get to the point where you receive an authentication code  you must save the access token and the refresh token as well   The reason is google api sends you an access token with a refresh token only when prompting for access permission  The next access tokens will be sent without any refresh token  unless you use the approval prompt force option    The refresh token you received the first time stays valid until the user revokes access permission   In simplistic php  an example of the callback sequence would be      init client          authCode     GET  code     accessToken    client- gt authenticate  authCode       accessToken needs to be serialized as json  this- gt saveAccessToken json encode  accessToken     this- gt saveRefreshToken  accessToken  refresh token       And later on  in simplistic php  the connection sequence would be      init client          accessToken    this- gt loadAccessToken       setAccessToken   expects json  client- gt setAccessToken  accessToken    if   client- gt isAccessTokenExpired             reuse the same refresh token      client- gt refreshToken  this- gt loadRefreshToken            save the new access token  which comes without any refresh token       this- gt saveAccessToken  client- gt getAccessToken

User · Answer

So i finally figured out how to do this  The basic idea is that you have the token you get the first time you ask for authentication  This first token has a refresh token  The first original token expires after an hour  After an hour you have to use the refresh token from the first token to get a new usable token  You use  client- gt refreshToken  refreshToken  to retrieve a new token  I will call this  temp token   You need to store this temp token as well because after an hour it expires as well and note it does not have a refresh token associated with it  In order to get a new temp token you need to use the method you used before and use the first token s refreshtoken  I have attached code below  which is ugly  but im new at this       pull token from database  tokenquery  SELECT   FROM token WHERE type  original     tokenresult   mysqli query  cxn  tokenquery   if  tokenresult  0         tokenrow mysqli fetch array  tokenresult       extract  tokenrow      time created   json decode  token - gt created   t time     timediff  t- time created  echo  timediff   lt br gt     refreshToken  json decode  token - gt refresh token      start google client note   client   new Google Client     client- gt setApplicationName       client- gt setScopes array      client- gt setClientId       client- gt setClientSecret       client- gt setRedirectUri       client- gt setAccessType  offline     client- gt setDeveloperKey         resets token if expired if   timediff gt 3600  amp  amp   token             echo  refreshToken   lt  br gt         refreshquery  SELECT   FROM token WHERE type  refresh         refreshresult   mysqli query  cxn  refreshquery         if a refresh token is in there        if  refreshresult  0                 refreshrow mysqli fetch array  refreshresult           extract  refreshrow            refresh created   json decode  token - gt created           refreshtimediff  t- refresh created          echo  Refresh Time Diff     refreshtimediff   lt  br gt              if refresh token is expired         if  refreshtimediff gt 3600                         client- gt refreshToken  refreshToken            newtoken  client- gt getAccessToken            echo  newtoken   lt  br gt             tokenupdate  UPDATE token SET token   newtoken  WHERE type  refresh            mysqli query  cxn  tokenupdate            token  newtoken          echo  refreshed again                       if the refresh token hasn t expired  set token as the refresh token         else                    client- gt setAccessToken  token              echo  use refreshed token but not time yet                         if a refresh token isn t in there        else                client- gt refreshToken  refreshToken            newtoken  client- gt getAccessToken            echo  newtoken   lt  br gt             tokenupdate  INSERT INTO token  type token  VALUES   refresh    newtoken             mysqli query  cxn  tokenupdate            token  newtoken          echo  refreshed for first time                    if token is still good  if   timediff lt 3600  amp  amp   token              client- gt setAccessToken  token       service   new Google DfareportingService  client

User · Answer

use the following code snippet to get your refresh token       lt  php      require once  src apiClient php       require once  src contrib apiTasksService php         client   new apiClient         client- gt setAccessType  offline         tasksService   new apiTasksService  client         auth    client- gt authenticate         token    client- gt getAccessToken           the refresh token      refresh token    token  refresh token          gt

User · Answer

Sometimes Refresh Token i not generated by using  client- gt setAccessType   offline      Try this    client- gt setAccessType   offline     client- gt setApprovalPrompt   force

User · Answer

The access type should be set to offline  state is a variable you set for your own use  not the API s use   Make sure you have the latest version of the client library and add    client- gt setAccessType  offline      See Forming the URL for an explanation of the parameters

User · Answer

I use google-api-php-client v2 2 2 I get a new token with fetchAccessTokenWithRefreshToken    if function call without params  it returns an updated access token and the refreshed token is not lost   if   client- gt getAccessToken    amp  amp   client- gt isAccessTokenExpired           new token  client- gt fetchAccessTokenWithRefreshToken         token data    client- gt verifyIdToken

User · Answer

Had the same issue  my script that worked yesterday  for some odd reason did not today  No changes   Apparently this was because my system clock was off by 2 5      seconds  syncing with NTP fixed it   See also  https   code google com p google-api-php-client wiki OAuth2 Solving invalid grant errors

User · Answer

Here is the code which I am using in my project and it is working fine   public function getClient         client   new Google Client         client- gt setApplicationName APPNAME            app name      client- gt setClientId CLIENTID                  client id      client- gt setClientSecret CLIENTSECRET          client secret       client- gt setRedirectUri REDIRECT URI           redirect uri      client- gt setApprovalPrompt  auto          client- gt setAccessType  offline               generates refresh token       token     COOKIE  ACCESSTOKEN                fetch from cookie         if token is present in cookie     if  token              use the same token          client- gt setAccessToken  token                 this line gets the new token if the cookie token was not present        otherwise  the same cookie token      token    client- gt getAccessToken         if  client- gt isAccessTokenExpired         if token expired          refreshToken   json decode  token - gt refresh token              refresh the token          client- gt refreshToken  refreshToken              return  client

User · Answer

This here works very good  maybe it could help anybody   index php           session start     require once   DIR     client php    if  isset  obj- gt error   amp  amp  isset   SESSION  access token     amp  amp    SESSION  access token    amp  amp  isset  obj- gt expires in       gt   lt  DOCTYPE html gt   lt html gt   lt head gt   lt title gt Google API Token Test lt  title gt   lt meta charset  utf-8    gt   lt script src  https   code jquery com jquery-1 12 4 js  gt  lt  script gt   lt script gt  search  Music Mix 2010    function search q          ajax           type   GET           url   action php q   q          success  function data                if data     refresh   location reload                else     response   html JSON stringify JSON parse data                          lt  script gt   lt  head gt   lt body gt   lt div id  response  gt  lt  div gt   lt  body gt   lt  html gt   lt  php   else header  Location    filter var  https       SERVER  HTTP HOST   dirname   SERVER  PHP SELF      oauth2callback php   FILTER SANITIZE URL      gt    oauth2callback php           require once   DIR     vendor autoload php    session start      client   new Google Client     client- gt setAuthConfigFile  auth json     client- gt setAccessType  offline     client- gt setApprovalPrompt  force     client- gt setRedirectUri  https     filter var   SERVER  HTTP HOST     SERVER  PHP SELF    FILTER SANITIZE URL     client- gt addScope Google Service YouTube  YOUTUBE FORCE SSL    if isset   GET  code     amp  amp    GET  code           client- gt authenticate filter var   GET  code    FILTER SANITIZE STRING          SESSION  access token      client- gt getAccessToken          SESSION  refresh token       SESSION  access token    refresh token        setcookie  refresh token     SESSION  refresh token    time   60 60 24 180       filter var   SERVER  HTTP HOST    FILTER SANITIZE URL   true  true       header  Location    filter var  https       SERVER  HTTP HOST   dirname   SERVER  PHP SELF     FILTER SANITIZE URL        exit      else header  Location    filter var  client- gt createAuthUrl    FILTER SANITIZE URL    exit       gt    client php              https   developers google com api-client-library php start installation require once   DIR     vendor autoload php     client   new Google Client     client- gt setAuthConfig  auth json     client- gt setAccessType  offline     client- gt setApprovalPrompt  force     client- gt addScope Google Service YouTube  YOUTUBE FORCE SSL       Delete Cookie Token  setcookie  refresh token      SESSION  refresh token    time  -1       filter var   SERVER  HTTP HOST    FILTER SANITIZE URL   true  true       Delete Session Token  unset   SESSION  refresh token      if isset   SESSION  refresh token     amp  amp    SESSION  refresh token           client- gt refreshToken   SESSION  refresh token           SESSION  access token      client- gt getAccessToken      elseif isset   COOKIE  refresh token     amp  amp    COOKIE  refresh token           client- gt refreshToken   COOKIE  refresh token           SESSION  access token      client- gt getAccessToken        url    https   www googleapis com oauth2 v1 tokeninfo access token   urlencode    SESSION  access token    access token      curl handle   curl init    curl setopt  curl handle  CURLOPT URL   url   curl setopt  curl handle  CURLOPT CONNECTTIMEOUT  2   curl setopt  curl handle  CURLOPT RETURNTRANSFER  1   curl setopt  curl handle  CURLOPT USERAGENT   Google API Token Test     json   curl exec  curl handle   curl close  curl handle     obj   json decode  json      gt    action php           session start     require once   DIR     client php    if isset  obj- gt error         echo  refresh       exit      elseif isset   SESSION  access token     amp  amp    SESSION  access token    amp  amp  isset  obj- gt expires in   amp  amp  isset   GET  q     amp  amp   empty   GET  q            client- gt setAccessToken   SESSION  access token          service   new Google Service YouTube  client        response    service- gt search- gt listSearch  snippet   array  q    gt  filter input INPUT GET   q   FILTER SANITIZE SPECIAL CHARS    maxResults    gt   1    type    gt   video         echo json encode  response  modelData         exit        gt

User · Answer

I have a same problem with google google-api-php-client v2 0 0-RC7 and after search for 1 hours  i solved this problem using json encode like this       if   client- gt isAccessTokenExpired               newToken   json decode json encode  client- gt getAccessToken               client- gt refreshToken  newToken- gt refresh token           file put contents storage path  app client id txt    json encode  client- gt getAccessToken

User · Answer

The problem is in the refresh token     refresh token    gt  1  lov250YQTMCC9LRQbE6yMv-FiX Offo79UXimV8kvwY   When a string with a     gets json encoded  It is escaped with a      hence you need to remove it    The refresh token in your case should be    1 lov250YQTMCC9LRQbE6yMv-FiX Offo79UXimV8kvwY   What i m assuming you ve done is that you ve printed the json string which google sent back and copied and pasted the token into your code because if you json decode it then it will correctly remove the     for you

User · Answer

here is the snippet to set token  before that make sure the access type should be set to offline   if  isset   GET  code          client- gt authenticate        SESSION  access token      client- gt getAccessToken        To refresh token   google token  json decode   SESSION  access token      client- gt refreshToken  google token- gt refresh token     this will refresh your token  you have to update it in session for that you can do     SESSION  access token     client- gt getAccessToken

User · Answer

According to Authentication on google  OAuth2 keeps returning   39 invalid grant  39    You should reuse the access token you get after the first successful authentication  You will get an invalid grant error if your previous token has not expired yet  Cache it somewhere so you can reuse it    hope it helps

[php] How to refresh token with Google API client?

Examples related to php

Examples related to google-api

Examples related to oauth-2.0

Examples related to access-token

Examples related to google-analytics-api