DEV Community

Cover image for Don't let Google refresh token expire

Posted on • Originally published at

Don't let Google refresh token expire

In this part we will finish setting up workflows related to publishing the extension on Google Web Store and create the workflow that isn't shown on the workflow diagram because it stays aside and isn't included to the main pipeline.

Dealing with Google API credentials we should be aware of the fact that, according to Google's guide, refresh token (which we use in the workflow from the previous part) might stop working if it has not been used for six months. And I can assure you, it happens 😞.

To solve the issue we can use a great option GitHub offers called "schedule event" for workflows.

.github/workflows/touch-google-refresh-token.yml :

name: Touch google token
    - cron:  '0 3 2 * *' # At 03:00 on day-of-month 2
    runs-on: ubuntu-latest
      - uses: cardinalby/google-api-fetch-token-action@v1
          clientId: ${{ secrets.G_CLIENT_ID }}
          clientSecret: ${{ secrets.G_CLIENT_SECRET }}
          refreshToken: ${{ secrets.G_REFRESH_TOKEN }}
Enter fullscreen mode Exit fullscreen mode

Here I assume that you have already obtained and have added values required for Google API access to secrets (as it described at the previous post).

Once a month GitHub will run our workflow and perform the single step: fetching access token using the credentials that we have already added to secrets (see the previous post). It will prevent refresh token from invalidation.

One note here: GitHub will suspend the scheduled trigger for GitHub Action workflows if there is no commit in the repository for the past 60 days. The cron based triggers won't run unless a new commit is made. Probably, you can use the same trick (committing to the repo once a month by schedule) to circumvent this limitation.

Discussion (0)