DEV Community

rashidpbi

🤯 Understanding Google OAuth2 Token Refresh in Node.js (with googleapis)

When integrating Google OAuth2 in your Node.js / Next.js app using the googleapis library, a key question is:

🧠 "How do I handle access token expiration and refresh automatically?"

Turns out — you don't need to handle much at all. But understanding why and how took me down a rabbit hole. Here's what I learned so you don't get stuck like I did.

🔑 The Basics

When you authorize a user via the OAuth2 web server flow (access_type: "offline"), Google returns:

  • access_token – short-lived, used for API requests
  • refresh_token – used to get a new access token
  • expiry_date – timestamp (in ms) when the access token expires

✅ The Simple Solution

The good news? You can make Google auto-refresh tokens just by doing this:

oauth2Client.setCredentials({
  access_token,
  refresh_token,
  expiry_date,
});

Then, call the API like normal:

const calendar = google.calendar({ version: "v3", auth: oauth2Client });
await calendar.events.delete({
  calendarId: "primary",
  eventId: "123",
});

If the access_token is expired, the client automatically refreshes it using the refresh_token.

🎉 No need to manually check expiry or refresh!

🤔 Then Why Do People Use getAccessToken()?

Great question!

Use getAccessToken() only when you need the raw token string, such as:

  • Adding it to custom headers
  • Injecting into a GraphQL/WebSocket context
  • Logging / debugging

const { token } = await oauth2Client.getAccessToken();

Otherwise, skip it. Google handles everything internally during requests.

🧪 How I Tested the Refresh Behavior

Want to test token refresh manually without waiting for expiration?

Just fake the expiry like this:

oauth2Client.setCredentials({
  access_token,
  refresh_token,
  expiry_date: Date.now() - 1000, // fake it as expired
});

Then make a normal API call — it will refresh in the background.

👀 Bonus: Log When Token Refresh Happens

You can log when a refresh happens using the tokens event:

oauth2Client.on("tokens", (tokens) => {
  // `tokens` contains the live credentials, so this prints secrets to the log
  console.log("🔄 Refreshed tokens:", tokens);
});

Perfect for debugging or confirming it's working.
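
One way to use the tokens event beyond local debugging, as an added example that is not from the original post: merge each refreshed payload into the stored credentials (keeping the stored refresh_token when the payload carries none) and log only non-secret metadata. The names persistOnRefresh, store and makeFakeClient are hypothetical, and the fake client stands in for oauth2Client so the code runs offline.

```javascript
// Merge a "tokens" payload into the stored credentials. A refresh payload
// may carry no refresh_token, so keep the stored one unless a new one arrives.
function mergeTokens(stored, fresh) {
  return {
    ...stored,
    ...fresh,
    refresh_token: fresh.refresh_token || stored.refresh_token,
  };
}

// Log-safe view: which fields arrived and when the token expires, no secrets.
function redactTokens(tokens) {
  return {
    has_access_token: Boolean(tokens.access_token),
    has_refresh_token: Boolean(tokens.refresh_token),
    expires_at: tokens.expiry_date
      ? new Date(tokens.expiry_date).toISOString()
      : null,
  };
}

// `store` is a hypothetical object with load()/save(); `log` is any function.
function persistOnRefresh(client, store, log = console.log) {
  client.on("tokens", (fresh) => {
    store.save(mergeTokens(store.load(), fresh));
    log("tokens refreshed", redactTokens(fresh));
  });
}

// Constructed stand-in for OAuth2Client so the example runs offline.
function makeFakeClient() {
  const handlers = [];
  return {
    on: (event, fn) => { if (event === "tokens") handlers.push(fn); },
    emitTokens: (tokens) => handlers.forEach((fn) => fn(tokens)),
  };
}

// Constructed sample values, not real tokens.
function demo() {
  let saved = { access_token: "old-at", refresh_token: "rt-1", expiry_date: 1000 };
  const store = { load: () => saved, save: (t) => { saved = t; } };
  const lines = [];
  const client = makeFakeClient();
  persistOnRefresh(client, store, (msg, meta) => lines.push(`${msg} ${JSON.stringify(meta)}`));
  client.emitTokens({ access_token: "new-at", expiry_date: 1700000000000 });
  return { saved, lines };
}

console.log(demo().lines[0]);
```

With googleapis, pass the real oauth2Client as the first argument and back store with wherever the app keeps per-user credentials.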

🧠 Lessons Learned

  • The docs are technically right, but don't show everything clearly
  • The googleapis package uses google-auth-library internally, which handles refresh logic
  • Set a past expiry_date + make a request = auto-refresh
  • Use getAccessToken() only when you need the token string
  • You don't need to memorize class hierarchies — but checking inheritance (like OAuth2Client → AuthClient) helps

🏁 Final Tip

If you're ever unsure about how a client like OAuth2Client behaves:

  • Look for event hooks (like tokens)
  • Check method docs (getAccessToken, request)
  • Look at class inheritance
  • Test locally with fake expiry
