PHP Classes

Google OAuth offline access and Box api 'refresh tokens'

Recommend this page to a friend!

      PHP OAuth Library  >  PHP OAuth Library package blog  >  PHP OAuth Tutorial on...  >  All threads  >  Google OAuth offline access and Box...  >  (Un) Subscribe thread alerts  
Subject:Google OAuth offline access and Box...
Summary:Is there a way to gather the refresh token in the current class?
Author:Steve Penn
Date:2013-02-12 09:43:00
Update:2013-02-12 11:44:32

  1. Google OAuth offline access and Box...   Reply   Report abuse  
Picture of Steve Penn Steve Penn - 2013-02-12 09:43:00
I have been looking through the classes within this plugin and i have found it very useful for box, but for the implementation with google (the preferred service) there is no offline access (again which gathers an OAuth "refresh token" (as per the OAuth 2.0 spec)). i was wondering if there was a chance that you could help me add to the class to meet these aims or develop a plugin to accomplish this.

ps. i managed to get both access and refresh tokens with the class (after a couple of edits) and have it refresh automatically but with the google api it is more about the actual request being sent to google requesting 'offline' access -This is where the main issue is-

  2. Re: Google OAuth offline access and Box...   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2013-02-12 11:44:32 - In reply to message 1 from Steve Penn
I already looked into this but I am not sure what would be the best solution.

First I need to make time to figure if all implementations of refresh tokens are consistent with a standard definition or if I need to have special handling code for different servers.

For instance, Google needs access_type=offline. I wonder if that is a standard parameter. It seems does not require that. I would need to see other API that provide refresh tokens to assure I can implement a good generalized solution.

Another problem is about where the refresh token would be used to get a new token.

I thought about puting in the CallAPI function but that means the developer would need to write code that would be aware any changes done to the access token so he can update the new token and expiry in his database.

It can work but I am not sure if this is simple enough. I would like to figure a less complicated solution if possible. That is why I did not yet rush the first solution that came to mind.