Hei guys
I ve created an API to connect to Google fit.
After 1h, I have to refresh the token. I can’t find the way to refresh it without logging in of the user again to its google account.
Here the screenshot.
Hi,
I’ve implemented something similar not long ago which had a 3600 second expiry (i.e. 1hr also) and this is how I did it, which you might be able to use something similar.
I created a data type called API Token. This included the token itself and a field for expiry.
On my backend workflow for a critical path of my user flow, I included a step which looked at the token and checked if expiry was < “current date/time + 5minutes“, if yes, proceed with another workflow called Refresh Token.
This backend workflow refreshed the token (i.e. Make Changes to a Thing) and as part of the API response, set the expiry to “Current Date/Time“+expiry (3600) in seconds.
So, the token is always refreshed if it is expired or close to expiration.
There are a few other conditions that I’ve got but they aren’t relevant to your use case so I’ve excluded them.
Let me know if you need more info.
Cheers
Steve
1 Like
Hei @wirthitconsulting thanks for the response. 
Do you maybe have some screenshot I can navigate through?
Plus, isn’t it an overload of calls if let’s say I have 500 users? → I m not techncial but I theoretically can calculate 24 (hours per day) * 500 users = 12.000 calls every day?
Does it influence my app in someways?
The token in API connector is never refreshed. This is only done for your user. Are you talking about the expiration in API Connector itself?
hei @Jici After one hour i receive always this. I m not sure what is it
In your last screenshot, I can see you added an Authorization header. Delete this from all your call because this create conflict between what you set and user-agent auth. Bubble add the authorization header to all your call, you don’t need to add them. Also, remeve shared parameters for all calls. This is applied to other call, not to the auth flow. You don’t need this. Finally, Ican see you have Authorization API call set under your auth. this is also not needed.
Don’t use manual auth like @wirthitconsulting suggested if you don’t need to.
@Jici So if i do this I basically resolve the refreshing problem?
Or should I do something else?
Set Authentication goes in the header. also, this is important that user allow this in consent screen. if you already have the user created, it won’t work until you go to consent screen again. So you may need to add ?prompt=consent to the auth url (login dialog redirect). Delete it from shared parameters.
I disconnected my gmail with my app before proceeding.
I added ?prompt=consent to the auth url and deleted the shared parameters but then it gives me this
Can you share the url and what you have set? I don’t think Bubble add it automatically, but maybe…
@gianlucabiancardi96 @Jici the way I understand it is that the auth token will expire unless you do something about it so he’ll need a refresh token, which will need to be stored somewhere on his side. With Google FIT Oauth, I understand he’ll need to add offline_access to his scopes and a refresh token will be sent to him in the initial token request. He’ll then use that to refresh token to get a long-lived token he can store against the user who is authenticated and won’t need to go through the authentication each time.
Apologies, my method described above is for server-to-server authentication based on a tenant having access and not an individual user. For that particular API I don’t have a refresh token so need to do it in a certain way.
When you use the user-agent Bubble auth, the access_token is refreshed automatically by Bubble (but not for API Connector) but the offline access need to be enabled. No need to add this for the scopes in Google but for some other API, this is how it work. So no, you don’t have to do anything to refresh the token outside of following Google configuration guide when using Bubble auth user-agent flow.
But, talking with @gianlucabiancardi96 , the issue is that the auth is used to be added to existing user created with Bubble regular signup flow (email and password). Bubble often doesn’t handle multiple auth well for a single user. So I recommend to use manual process instead.
1 Like
Nice, thank you for explanation! 
1 Like