5

I'm using the Google OAuth2 Javascript library to request an access token from users. I want to store the token in a database on the server.

To be able to access that user's data after the token expiration, I also need to store the refresh token. I know how to do that when using a server-side Google OAuth2 library (specify access_type=offline), but I need to be able to do it with the client-side Javascript library and it doesn't work.

Improve this question
1
  • did you find out how to do this? Can you help in this? Commented Apr 26, 2018 at 7:25

1 Answer 1

Reset to default
9

You do not want to store the refresh token in the client! That would be akin to storing his username and password.

The Javascript client does not support type=offline, since that would expose the refresh token.

Your choices are :-

  1. Generate and store the refresh token on the server
  2. Have your client simply keep requesting access tokens as it needs them. Set immediate=true so there is no visible interaction with the user
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

So there's no way to generate the access and refresh tokens from the client and send them for storage on the server? The reason I'm trying to do it that way is that the user is interacting with a client-side app (Ember) when authenticating, not with a server-side app, so I can't generate the tokens on the server. Does this make sense?
access tokens and refresh tokens are different. The user CAN generate access tokens on the client. He CANNOT generate a refresh token. It's not especially difficult to do the auth on the server in addition to the client. My app does the initial authorisation and refresh token processing on the server. Once the user is authed, the server serves the javascript application. The javascript application then does its own access token processing, independently from the server.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.