Asked by: rootpd
The access_token acquired by Socialite (via Socialite::driver(self::PROVIDER)->user() has a limited time validity. For Google it's an hour.
I'm able to get refresh_token by changing the redirect call to:
Socialite::driver(self::PROVIDER)->stateless()->with([
'access_type' => 'offline',
])->redirect()
For an hour I'm able to read user data based on access_token by calling
// $token = read_stored_access_token()
\Socialite::driver(self::PROVIDER)->userFromToken($accessToken);
After an hour, when the token gets invalid, the Google API starts returning 401 Unauthorized and Socialize propagates this out:
(1/1) ClientException
Client error: `GET https://www.googleapis.com/plus/v1/people/me?prettyPrint=false` resulted in a `401 Unauthorized` response:
{"error":{"errors":[{"domain":"global","reason":"authError","message":"Invalid Credentials","locationType":"header","loc (truncated...)
Now with the refresh_token, I should be able to easily refresh the access_token. But I cannot find a mention in Socialize docs or source code which would allow me to do that.
Is really the only way how to accomplish this use Google's API library and do this manually? Doesn't it kill the whole idea of using Socialize?
Note: I'm trying to avoid to call redirect() again as it might force user to pick one of his Google accounts every hour which is annoying.
Thanks!
No comments:
Post a Comment