'Google oauthplayground make refresh token not expire

I have developed an express app that's purpose is to send emails. I authorized an email sender using googles oauth2 playground, and their google api. I wanted to use this strategy rather than working with a third party email sender to not be subject to vendor lock-in. I had the system working successfully, but after a day it stopped working with "invalid-grant". In production, I'd like to have a permanent email address (under their google workspace) that is solely dedicated to these bot emails. The oauthplayground says you can avoid the 24 hour expiration, but I recall doing that before and it eventually came up with invalid grant. Is there a better way to set up a bot like this? Or should I just try the oauth playground and using the config panel to avoid the refresh token expiration again?

oauthgoogle-apigmailgoogle-oauth


Solution 1:[1]

To start with let me say that invalid-grant means that your refresh token is no longer valid. It is no longer valid because googles oauth2 playground is intended for use for testing purposes only.

Access tokens will expire in less than an hour and refresh tokens created using it will expire in 24 hours.

While it is possible to configure it to uses your personal client id and client secret it is still not the optimal way to go

enter image description here

Even using this method for production is not going to work well for you. If your app is still in testing phase then your refresh token is goin to expire in seven days. You will need to set your app to production in order to have a refresh token that does not expire.

enter image description here

The issue then becomes that in order to use the gmail api your going to need to have your application verified. You can not verify your application using the googles oauth2 playground as a redirect uri as you can not verify that you own this domain.

The solution to your problem is to create an application of your own hosted on your domain. This will allow you to create the credentials you need and have your app verified by google.

under their google workspace

You made one comment that is not clear. If you are using google workspace then why not just set up a service account with domain wide delegation to the user on the domain. You will avoid all the issues you are having above.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 DaImTo

Related Questions

Google Maps API not returning some postal codes (French cities)

How to integrate Google Picker with new Google Identity Services JavaScript library

Google's "define: " through an API?

How to access Google calendar in Android

How do I access (read, write) Google Sheets spreadsheets with Python?

How to MODIFY a Google Docs document via API using search-and-replace?

Android 5.0 IllegalArgumentException: Service Intent must be explicit: on com.google.android.location.internal.GoogleLocationManagerService.START

jest unit test mock google oauthClient in nestjs

Svelte how to import

People API - QUOTA_EXCEEDED / FBS quota limit exceeded

Decode integrity token using Google PlayIntegrity API

How to use Google API credentials json on Heroku?

Batch request Google Calendar php API

Batch request Google Calendar php API

Using Python to do basic Google Drive operations without web server authentication