Here is my workflow for getting the access token and updating the token for youtube api. Im generating an authorization url with parameters
access_type = offline, response_type = code, redirect_uri = uri, scope = scopes, state = state, client_id = id
from the authorization URL I get an authentication code, then I create another URL to get access_token and refresh_token using the code from the authorization URL with these parameters
code: code, client_id: CLIENT_ID, client_secret: CLIENT_SECRET, redirect_uri: serviceCallback, state: state.callback, grant_type: "authorization_code"
As far as I know, the user should complete this process only once, and then it should be automatic. My problem is that I always need to complete authorization, and I always get new access_token and refresh_token, without forcing them upon request.
here is the piece of code where i get the authentication url
getAuthUrl: function(scopes, applicationCallback, serviceCallback, siteId, selectChannel, websiteUrl) { var requestedClientId = CLIENT_ID; var scopess = "https://www.googleapis.com/auth/yt-analytics.readonly https://www.googleapis.com/auth/youtube.readonly https://www.googleapis.com/auth/userinfo.email " + scopes.replace(",", " "); return "https://accounts.google.com/o/oauth2/auth?" + "access_type=offline" + "&response_type=code" + "&redirect_uri=" + serviceCallback + "&scope=" + scopes + "&state=" + JSON.stringify({ service: NAME, callback: applicationCallback, scopes: scopes, siteId: siteId, selectChannel: selectChannel, websiteUrl: websiteUrl }) + "&client_id=" + requestedClientId; },
From there Im returning the code and using this code, clientID and clientSecret to get the access token and update the token
getAuthTokens: function(code, state, res, serviceCallback) { // Google oAuth endpoint var endpoint = "https://www.googleapis.com/oauth2/v4/token"; const scopes = state.scopes.split(" "); // Setup request data var data = { code: code, client_id: CLIENT_ID, client_secret: CLIENT_SECRET, redirect_uri: serviceCallback, state: state.callback, grant_type: "authorization_code" }; request.post(endpoint).send(data).type('form').set('Accept', 'application/json').end(function(err, oAuthResponse) {}); },
I used the wrong endpoint url. I changed it to the different ones provided by the youtube api documentation, and removed the status parameter from the data variable, but still did not fix the problem.
new endpoint url
var endpoint = "https://accounts.google.com/o/oauth2/token";
I really got confused right now because I do not force authorization, and in the Google Apps section my application is already authorized and it does not update authorization, which means that it gives permission only for the first time, and after that, when I click, let it be nothing does not. OAuth should check whether the token is updated or not, so I came to the conclusion that I do not quite understand how it should work, or somehow I test everything in debug or test mode, when the authorization request is automatically forced.
I would be very grateful for any help, because I feel like I tried everything.