google-oauth, google-photos, google-photos-api, oauth2-playground

Long lived token for accessing Google Photos via API?


We have a requirement where we want to integrate our service with Google Photos, thus allowing users to choose images from Google Photos inside our site. My understanding so far is that in order for the images to be available on our end for the user to choose, he must explicitly approve this via the OAuth UI (correct me if I am wrong).

After he approves it, we will get a refresh token that can generate an access token for us to use.

My question being the following:

Is it possible for the user to do the OAuth UI approval only once, so that we can use that token after that without bothering the user to approve again?

How long do these tokens live? Is it possible to get a token that does not expire? Because looking at the Facebook API, the short-lived tokens expire after 2h and long-lived ones after 2 months.

Basically our use case is the following:

We let the user connect Google Photos to our site, and he can use those photos for several use cases. In order for us to render the full photos, we need to reference that image by id and call the Google Photos API to download the image and render it on our site. Another option that I was thinking of is to store the baseUrl of the image that we need initially when the user does the OAuth manual approval, therefore not needing approval after that, because our service is backend only and does service-to-service communication.

Thanks a lot in advance and Best Regards


Solution

  • You are correct, you need to use OAuth2 to request access to the user's data. This will give you a refresh token.

    Refresh tokens for the most part do not expire. As long as the user does not remove your access through their Google account directly, and as long as you use the refresh token at least once every six months, you should be good to go. However, your code should be able to handle an invalid refresh token and then ask the user the next time they are there.