I'm using the npm package googleapis:^100.0.0 and I'm getting this error:
Error: Token used too late, 1653569732.911 > 1653511671: {"iss":"https://accounts.google.com","azp":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com","aud":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com","sub":"113117610373384376838","email":"[email protected]","email_verified":true,"at_hash":"xxxxxxxxxxxxxxxxxxxxxxxx","iat":1653507771,"exp":1653511371}
My workflow is this:
I get access_token, refresh_token, and id_token from Google OAuth upon first app authorization.
const scopes = ["https://www.googleapis.com/auth/userinfo.email", "openid"];
oauth2client.setCredentials({ refresh_token: tokens.refresh_token });
const url = oauth2client.generateAuthUrl({
  // 'online' (default) or 'offline' (gets refresh_token)
  access_type: "offline",
  // If you only need one scope you can pass it as a string
  scope: scopes,
});
I store those in my database.
I set the OAuth credentials to the refresh_token
oauth2client.setCredentials({ refresh_token: tokens.refresh_token });
I get an unexpired token from Google: const accessToken = await oauth2client.getAccessToken();
I set the credentials for the oauth2client to the new unexpired credentials.
oauth2client.setCredentials(accessToken);
I verify the IdToken.
const loginTicket = await oauth2client
  .verifyIdToken({
    idToken: tokens.id_token,
  })
  .catch((ex) => {
    logE(ex);
    result.error = "Token likely used too late.";
  });
Google's documentation says
After a user grants offline access to the requested scopes, you can continue to use the API client to access Google APIs on the user's behalf when the user is offline. The client object will refresh the access token as needed.
I can log into Google and verify the id_token for a few hours. However, several hours later I'm getting a token used too late error.
Am I missing something here that would allow me to re-validate the user without sending the user back to the Google OAuth screen?
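Added example, not part of the original post and not googleapis code: a diagnostic that decodes an id_token's claims and reproduces the numbers in the error above (`1653569732.911 > 1653511671`). The 300-second skew allowance is an assumption read off that error (1653511671 minus the token's `exp` of 1653511371); the function names and the unsigned sample token are constructed for illustration.

```javascript
// Added example: diagnostic only. It reads claims; it does NOT verify the signature.
// Assumption: 300 s clock-skew allowance, read off the error text above
// (1653511671 - 1653511371). All function names here are hypothetical.
const CLOCK_SKEW_SECS = 300;

// Decode the payload (second segment) of a compact JWT.
function decodeIdTokenPayload(idToken) {
  const parts = String(idToken).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  // Node's "base64" decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
}

// Classify a token against the iat/exp window, with the skew allowance on both sides.
function idTokenTimeStatus(payload, nowSecs = Date.now() / 1000) {
  const { iat, exp } = payload;
  if (!Number.isFinite(iat) || !Number.isFinite(exp)) {
    return { state: "missing-iat-or-exp" };
  }
  const earliest = iat - CLOCK_SKEW_SECS;
  const latest = exp + CLOCK_SKEW_SECS;
  let state = "valid";
  if (nowSecs < earliest) state = "too-early";
  else if (nowSecs > latest) state = "too-late";
  return { state, lifetimeSecs: exp - iat, earliest, latest,
           secondsPastLatest: Math.max(0, nowSecs - latest) };
}

// Constructed sample: unsigned token carrying the iat/exp values from the error above.
function makeSampleToken(claims) {
  const seg = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${seg({ alg: "RS256", typ: "JWT" })}.${seg(claims)}.constructed-signature`;
}

const sampleToken = makeSampleToken({
  iss: "https://accounts.google.com", iat: 1653507771, exp: 1653511371,
});
const status = idTokenTimeStatus(decodeIdTokenPayload(sampleToken), 1653569732.911);
console.log(status.state, status.lifetimeSecs, status.latest, status.secondsPastLatest);
```

The classification depends only on the `iat` and `exp` claims inside the id_token that is passed in, so for the token in the error the window closes 3600 seconds after issuance plus the allowance, whatever access token the client holds at that point.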