How to Verify Google API OAuth Token

July 29, 2017

The Creator Studio add-on fetches the OAuth2 access token for the projects using the Google Apps Script API that is then used to authorize the Google Client JavaScript API and fetch the Slide Screenshots.

Unlike the OAuth2 refresh tokens that are forever valid, the access tokens have limited validity (they expire in under 60 minutes) and you should always verify the token before making a server-side request. It will else fail with an error like Invalid Credentials.

Luckily, Google offers a service googleapis.com/oauth2/v1/tokeninfo to check your access tokens and what Google scopes they have access to.

const isOAuthTokenValid = (token) => {
  const BASE_API = 'https://www.googleapis.com/oauth2/v1/tokeninfo';
  return new Promise((resolve, reject) => {
    fetch(`${BASE_API}?access_token=${token}`, {
      mode: 'cors',
    })
      .then((response) => {
        return response.json();
      })
      .then(({ expires_in: timeout = 0 }) => {
        if (timeout > 0) resolve('Token is valid');
        reject(new Error('Token has expired'));
      });
  });
};

export default isOAuthTokenValid;

Google Cloud Javascript

ShareWhatsAppTwitterFacebook

Amit Agarwal

Google Developer Expert, Google Cloud Champion

Amit Agarwal is a Google Developer Expert in Google Workspace and Google Apps Script. He holds an engineering degree in Computer Science (I.I.T.) and is the first professional blogger in India.

Amit has developed several popular Google add-ons including Mail Merge for Gmail and Document Studio. Read more on Lifehacker and YourStory