oauth-2.0google-oauthgoogle-groups-settings

How to grant acces permantly with OAuth2


I have tried to use OAuth2 to build a group settings service with the following:

def groupSettingsService(request):
    CLIENT_SECRETS = os.path.join(os.path.dirname(__file__), 'client_secrets.json')
    FLOW = client.flow_from_clientsecrets(CLIENT_SECRETS, scope=['https://www.googleapis.com/auth/apps.groups.settings'], message=tools.message_if_missing(CLIENT_SECRETS))
    storage = Storage('groups-settings.dat')
    credentials = storage.get()
    if credentials is None or credentials.invalid:
        credentials = run(FLOW, storage)
    http = httplib2.Http()
    http = credentials.authorize(http)
    return discovery.build('groupssettings', 'v1', http=http)

But the problem is when the token isn't valid anymore (expires) it redirect to a page to tell a user to grant access again to that scope...things that is inappropriate for API calls !

is there a way to work with a username/password or client_secret to grant a full access permanently to the API without asking to grant access or not ?


Solution

  • You need to ask for access_type=offline when you redirect the user to Google.

    You will than get an code, which can be exchanged (by POSTing with your client_id and client_secret) into an access_token (that is the one you are already using) and a refresh_token.

    When your access_token expires, you can POST the refresh_token, client_id and client_secret to get another access_token. You can do that multiple times if you need (or weeks later...)