Google+ OAuth API store and retrieve tokens after first login and authorization

Question

I have read the documentation, examples and tutorials of how to use the Google API, I have a mini-app running already that shows your latest activities and information, but

Answer 1

If you'd like Google to skip the authorization prompt for people who have already authorized your application, add this code in your configuration block at the top:

$client->setAccessType("online");
$client-> setApprovalPrompt("auto");

There's one catch with this solution: you will not receive a refresh token when you complete your OAuth dance. This means that your users will be redirected to Google's authentication service every time their access token expires in order to fetch a new one. This will happen roughly every hour.

Background Info

By default the PHP client library is configured to provide offline access. You can see this in the source code. When this mode is enabled the OAuth flow will yield a refresh token that can be used to request new access tokens as needed. You may not even notice this happening. The PHP client library takes care of most of this for you.

This refresh token comes at a cost, though. You are responsible for storing it. If you lose it, your user must re-authorize your application for you to be issued another one. The way you store it depends a lot on the details of your implementation. Session data is a reasonable way to do this if you can make it durable enough.