Discarding Google O Auth access token after 1 time use - google-oauth

I am using Google O auth. I extract User info using the access_token by using the api - https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=ACCESS_TOKEN I want this to be of one time use so that when this api is hit again with the same ACCESS_TOKEN, it should throw an error.

Related

How to validate google sign-in access token?

For example, I have access token of a user with some client id. When I try to get user information of same access token but with different client id, I get the information.
Is that okay or I am missing anything here ?
How can I validate if an access_token belongs to client id , I am using.
There was something called id_token, but Google has made that api deprecated, and in new API I don't get id_token.

How to get tokens valid for longer than 24h

I'm trying to get a token valid for a long time and I am not sure how to proceed.
I'm sending data to a Google Sheet on a daily basis so a 24h token doesn't allow me to have this automated.
Thanks
I have since found a way to make my script work. In the script, do not include the access token, ONLY the refresh token.
By having both, it prevented the refresh token of getting a new token and was simply using the expired token.
The generic way of obtaining tokens expiring longer than 24 hours is to get a refresh token. You can start by reading the instructions here:
Using OAuth 2.0 to Access Google APIs
Get Refresh Tokens
Refreshing Access Tokens

best practices for refreshing access tokens automatically

I'm building a react native app which uses the spotify web api. I'm using the authorization code flow to authorize a user. First I get a authorization code which can be used to obtain an access token and a refresh token. Everything works!
The problem is: an access token is only valid for a limited amount of time. That's where the refresh token comes in. I understand this concept, but I'm breaking my head about how to implement this.
Let's say a users opens the app, requests an access token and uses this for some time. Then, the user closes the app. After 15 minutes, the users opens the app again. The access token has now expired, so I need to request a new access token.
I've come op with several "solutions". Can someone point me to the correct solution?
Solution 1:
Every time the user opens the app, I request a new access token and use this. Problem: when the user uses the app longer than the valid time of the access token, I won't work anymore.
Solution 2:
I use the access token that's stored in the secure storage on every request. When a request comes back with 'access token invalid' (I don't know the exact error code but you guys know what I mean), I request a new access token with the stored refresh token, and then I send the previous command again (with the new access token). But my question here is: can I use some kind of "wrapper function" which checks the response of the request, and if the response is "access token invalid", it automatically requests a new access token and runs the previous request again.
I think certainly correct solution is solution 2,and i think its clear enough.
and for using solution 2 you need somthing like wrapper function,yes its intelligently.
so you should use interceptor:
what is interceptor ?
You can intercept requests or responses before they are handled by then or catch.
in link below there is a good example of implementing refresh token in axios interceptor:
https://gist.github.com/Godofbrowser/bf118322301af3fc334437c683887c5f
I agree that Solution 2 is the best, each time you do a request you can check to see if the Access Token has expired, and if it has then you can request a new Access Token using the Refresh Token as you mentioned and then make your request, in my own project I do this in a FormatRequestHeadersAsync method which calls a CheckAndRenewTokenAsync method where I perform the following check, here shown in C#:
if(AccessToken?.Refresh != null && (AccessToken.Expiration < DateTime.UtcNow))
{
AccessToken = await GetRefreshTokenAsync(
AccessToken.Refresh,
AccessToken.TokenType,
cancellationToken);
}
You can store the Access Token and the Refresh Token and then use something similar to this before you make each request to the API this will refresh your token and then you can store the new Access Token and the existing Refresh Token.

How to Oauth Get Access Token with No Expiry in Google Dialogue flow API

Normally Google Access token is valid for one hour but I want to set it to no expiry. How can I do that, please help
Google access tokens are only good for one hour this is Oauth2 standard and can not be changed. You will need to use a refresh token to request a new access token. No idea if that is possible with dialogflow you will likely have to request your user authenticate again after an hour.
OT: Thats an impressive app you are working on if your users will be using it beyond the access token limit.
According to [1], OAuth token maximum lifetime is 1 hour (3600 seconds) and it cannot be changed.
If your intention is that your application may continue working without having to "manually" recreate a new token, then you could try creating a session client that scopes to multiple requests, as described in the Best Practices Dialogflow reference [2]:
"To improve performance, you can use a single instance of a session client object for multiple requests. The session client reuses the same access token for as long as it is valid (typically one hour). Once it expires, the session client refreshes the access token automatically, so you don't need to recreate the session client to refresh your access token. Your request that also refreshes the access token can take an extra second or two".
Please, try this and let me know the results.
[1] https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials#sa-credentials-oauth
[2] https://cloud.google.com/dialogflow-enterprise/docs/best-practices

BigQuery Simple Api Authentication

I am trying to gain access to my BigQuery enabled Google API project using the .net Google APIs.
Using a console application, I am trying to authenicate first by supplying my simple API key in the URI, then just trying to get the list of projects.
The error I am receiving when I call Fetch() on the project list is: Login Required [401]
var bigqueryService = new BigqueryService{ Key = "MY-API_KEY" };
var projectList = bigqueryService.Projects.List().Fetch();
I am purposefully not using OAuth2 as we don't need any user data.
The API key simply identifies your app to the API console for quota purposes and other housekeeping. It's not authoritative for accessing BigQuery, as we do consider the BigQuery data as "user data."
If you're just trying to get an OAuth 2 access token for playing around quickly, you can use the OAuth 2 playground:
https://code.google.com/oauthplayground/
This token will be valid for one hour and can be copied/pasted as the access_token query parameter
Here's the scope for BigQuery to use in the playground:
https://www.googleapis.com/auth/bigquery
In the end, you'll either want to use the native client (out of band) flow:
https://developers.google.com/accounts/docs/OAuth2InstalledApp
Or the server-to-server (service accounts) flow:
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
I don't have quick samples handy for those in .NET, but post another question on SO if you can't find them-- I'm sure someone will chip in!
You won't be able to use a simple API key - all authorization to the BigQuery API must happen via user interaction, or alternatively through a service account.