Hey there!
Can someone help me understand why my custom app requires me to manually re-authorize the credentials every 1 hour? I have tried to troubleshoot both on the GCP side of things and in my connection code in Make, but I can’t for the life of me understand why the refresh token is not working.
Here’s my Connection code:
{
// Step 1: OAuth2 authorization request
// See OAuth2 documentation: https://www.oauth.com/oauth2-servers/server-side-apps/authorization-code/
"authorize": {
"url": "https://accounts.google.com/o/oauth2/v2/auth", // Endpoint for authorization.
"qs": {
"scope": "{{join(oauth.scope, ',')}}", // Lists the scopes from the "default scope" tab.
"client_id": "{{ifempty(parameters.clientId, common.client_id)}}", // Client ID either provided in common parameters (below) or by the user.
"redirect_uri": "{{oauth.makeRedirectUri}}", // Redirect URI (see the link above).
"response_type": "code",
"access_type": "offline" // Response type "code".
},
// Authorization response handling
// See OAuth2 documentation https://www.oauth.com/oauth2-servers/authorization/the-authorization-response/
"response": {
// Store received "code" into temporary storage.
"temp": {
"code": "{{query.code}}"
}
}
},
"token": {
"condition": "{{temp.code}}", // Checks if "code" has been correctly received by authorization response.
// If API doesn't have authorize endpoint, fix the condition to: "condition": "{{!data.accessToken}}".
"url": "https://oauth2.googleapis.com/token",
"method": "POST",
"body": {
"code": "{{temp.code}}", // Uses stored "code" from authorization response.
"client_id": "{{ifempty(data.clientId, common.client_id)}}",
"grant_type": "authorization_code", // Sets the "grant_type" to "authorization_code".
"redirect_uri": "{{oauth.makeRedirectUri}}",
"client_secret": "{{ifempty(data.clientSecret, common.client_secret)}}"
},
"type": "urlencoded",
"response": {
"data": {
"expires": "{{addSeconds(now, body.expires_in)}}", // Stores the expiration date of accessToken.
"accessToken": "{{body.access_token}}", // Stores the accessToken.
"refreshToken": "{{body.refresh_token}}" // Stores the refreshToken.
}
},
"log": {
"sanitize": [ // Excludes sensitive parameters from logs.
"request.body.code",
"request.body.client_secret",
"response.body.access_token",
"response.body.refresh_token"
]
}
},
"refresh": {
"condition": "{{data.expires < addMinutes(now, 1)}}",
"url": "https://oauth2.googleapis.com/token",
"method": "POST",
"body": {
"client_id": "{{ifempty(parameters.clientId, common.client_id)}}",
"grant_type": "refresh_token",
"client_secret": "{{ifempty(parameters.clientSecret, common.client_secret)}}",
"refresh_token": "{{data.refreshToken}}"
},
"type": "urlencoded",
"response": {
"data": {
"expires": "{{addSeconds(now, body.expires_in)}}", // Stores the expiration date of the new accessToken.
"accessToken": "{{body.access_token}}", // Stores the new accessToken.
// Capture new refresh token if provided, otherwise keep the old one.
"refreshToken": "{{ifempty(body.refresh_token, data.refreshToken)}}"
}
},
"log": {
"sanitize": [
"request.body.client_secret",
"request.body.refresh_token",
"response.body.access_token",
"response.body.refresh_token" // Ensure new refresh token is also sanitized if logged
]
}
},
"info": {
"url": "https://cloudidentity.googleapis.com/v1beta1/devices",
"headers": {
"authorization": "Bearer {{connection.accessToken}}"
},
"response": {},
"log": {
"sanitize": ["request.headers.authorization"]
}
},
"invalidate": {
"url": "https://oauth2.googleapis.com/revoke",
"headers": {
"authorization": "Bearer {{connection.accessToken}}"
},
"log": {
"sanitize": [ // Excludes sensitive parameters from logs.
"request.headers.authorization" // Omit HTTP header "Authorization".
]
}
}
}
Please note that I am using this specific API which has a seperate URL base than all the other Google related apis: Cloud Identity API | Google Cloud
Reference to the articles I’ve used: