Recently I started working on an app that uses Google APIs; our project used Google's Node.js client library.
The process works this way: when a user wants to log in to our app using Google, we initiate Google's authentication flow. The user enters their Google account credentials on a Google-hosted screen, and after successful verification Google asks the user whether they would like to grant our app the permissions (scopes) it has requested. If the user grants access, Google redirects back to our specified callback URL and we receive an access token and a refresh token. I won't go into much detail as it is off topic, but you can find all the integration details in the link above and in the following in-depth articles on how the OAuth2 procedure works:
https://developers.google.com/identity/openid-connect/openid-connect
https://developers.google.com/identity/protocols/oauth2/web-server
Why do Google Auth’s refresh tokens expire?
As you can see in the above articles, in order to run the OAuth2 flow we need to create an OAuth2 client in the Google Cloud Console. This client can be in one of two modes: Testing or Production. In Testing mode there are limitations, including the fact that the refresh token is only valid for 7 days.
This brings us to the problem mentioned in the title of this post. When you talk to Google APIs using any of its client libraries, the library automatically refreshes the access token using the refresh token. The refresh token is therefore a valuable, long-lived credential and needs to be saved in secure, durable storage. So as long as your OAuth client is in Production mode and you hold a user's access and refresh tokens, you can make requests to Google APIs on behalf of that user without ever bothering them again.
But if your Google OAuth client is in Testing mode, or one of a number of other situations arises, your refresh token is going to expire.
How to get a new refresh token?
The only way to get a new refresh token is to go through the same authorization procedure you followed the first time to obtain the user's access and refresh tokens: re-authorize the user through their Google account. There is no other way to obtain a refresh token. So prepare your code to handle expired refresh tokens, and to send the user back through Google's consent screen so they can authorize your app to access Google APIs on their behalf again.
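As an added example (not code from the original post, nor from Google's client library), the following Node.js module shows the handling this section asks for: the refresh token lives in a durable store, the call to Google is injected so the file runs offline, an invalid_grant answer from the token endpoint is treated as "refresh token expired" (the token is marked dead so it is never retried), and the user is sent back through the consent screen with access_type=offline and prompt=consent so Google issues a new refresh token. The store, user ids, token strings and the refresher stand-in are constructed for the example; the authorization endpoint URL and the invalid_grant error body are Google's documented ones, while the err.response.data shape is an assumption about how google-auth-library surfaces that error.

```javascript
'use strict';

// Google's authorization endpoint, as documented in the OAuth2 web-server guide.
const GOOGLE_AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';

// Durable store for refresh tokens keyed by user id. In-memory for this example;
// a real app backs it with an encrypted column or a secrets manager, because a
// refresh token is a long-lived credential for the user's Google account.
class RefreshTokenStore {
  constructor() {
    this.rows = new Map();
  }
  save(userId, refreshToken) {
    this.rows.set(userId, { refreshToken, invalid: false });
  }
  get(userId) {
    return this.rows.get(userId) || null;
  }
  markInvalid(userId) {
    const row = this.rows.get(userId);
    if (row) row.invalid = true;
  }
}

// Google's token endpoint answers an expired or revoked refresh token with
// HTTP 400 and {"error": "invalid_grant"}. Assumption: the client library
// exposes that body on err.response.data and echoes the code in err.message.
function isInvalidGrant(err) {
  const body = err && err.response && err.response.data;
  if (body && body.error === 'invalid_grant') return true;
  return /invalid_grant/.test(String(err && err.message));
}

// Build the consent-screen URL used to re-authorize a user. access_type=offline
// asks for a refresh token; prompt=consent forces the consent screen so Google
// issues a new one even though the user granted these scopes before. `state`
// is the caller's anti-CSRF value, checked again on the callback.
function buildReauthUrl({ clientId, redirectUri, scopes, state }) {
  const params = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: 'code',
    scope: scopes.join(' '),
    access_type: 'offline',
    prompt: 'consent',
    state,
  });
  return `${GOOGLE_AUTH_ENDPOINT}?${params.toString()}`;
}

// Obtain an access token for `userId`, or report that the user must re-authorize.
// `refreshAccessToken(refreshToken)` is the injected Google call; in a real app it
// would wrap OAuth2Client.setCredentials({ refresh_token }) + getAccessToken().
async function getAccessTokenForUser(userId, store, refreshAccessToken, authConfig) {
  const row = store.get(userId);
  if (!row || row.invalid) {
    const reason = row ? 'refresh_token_expired' : 'no_refresh_token';
    return { ok: false, reason, reauthUrl: buildReauthUrl(authConfig) };
  }
  try {
    const accessToken = await refreshAccessToken(row.refreshToken);
    return { ok: true, accessToken };
  } catch (err) {
    if (!isInvalidGrant(err)) throw err; // transient failure: do not force re-consent
    store.markInvalid(userId); // a dead refresh token must never be retried
    return { ok: false, reason: 'refresh_token_expired', reauthUrl: buildReauthUrl(authConfig) };
  }
}

// Constructed stand-in for Google's token endpoint: refresh tokens in `live`
// succeed, anything else fails the way the real endpoint does.
function fakeGoogleRefresher(live) {
  return async (refreshToken) => {
    if (live.has(refreshToken)) return `ya29.constructed-access-for-${refreshToken}`;
    const err = new Error('invalid_grant');
    err.response = { status: 400, data: { error: 'invalid_grant', error_description: 'Token has been expired or revoked.' } };
    throw err;
  };
}

// Walk through the lifecycle: valid token, expired token (not retried), re-authorized user.
async function runLifecycleDemo() {
  const authConfig = {
    clientId: 'CLIENT_ID_PLACEHOLDER.apps.googleusercontent.com', // placeholder, not a real client id
    redirectUri: 'https://app.example/oauth2/callback',
    scopes: ['openid', 'email'],
    state: 'fixed-state-for-demo',
  };
  const live = new Set(['rt-fresh']);
  const refresh = fakeGoogleRefresher(live);
  const store = new RefreshTokenStore();
  store.save('alice', 'rt-fresh');
  store.save('bob', 'rt-expired'); // e.g. issued 8 days ago by a client still in Testing mode

  const first = await getAccessTokenForUser('alice', store, refresh, authConfig);
  const second = await getAccessTokenForUser('bob', store, refresh, authConfig);
  const third = await getAccessTokenForUser('bob', store, refresh, authConfig); // answered locally, no call to Google
  live.add('rt-bob-new');
  store.save('bob', 'rt-bob-new'); // what the callback handler does after the user re-consents
  const fourth = await getAccessTokenForUser('bob', store, refresh, authConfig);
  return [first, second, third, fourth];
}
```

The important design choice is in the catch block: only invalid_grant sends the user back to the consent screen. A network error or a 5xx from Google is rethrown instead, otherwise every transient outage would cost you the stored refresh token and force needless re-consent. Marking the row invalid also prevents a background job from hammering the token endpoint with a refresh token Google has already rejected.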