How to get persistent access to a user's google account?

Question

My app pulls info from my users' Google Calendars. The users already have to login to my app, so they find it annoying that they have to "Grant Access" to their google account at least once per session (currently using OAuth).

Is there a way to get a permanent (or closer to it) grant?

I'm even open to using openID as my primary authentication. Would that help?

I believe the GData API offers a ClientLogin protocol which would require me to store the users' login info, and I'm not comfortable with that, although if it comes down to it I suppose it's better than the alternative.

Answer 1

oAuth tokens generated once do not expire EVER unless user/application themselves revoke them. Just grab the access token and access secret token once for the first time when user registers on your app. Store it locally and use it to query the GDATA Api whenever you need.

You need not request the access tokens everytime when users log in again.

Answer 2

Since you are using OAuth I understand your application is a web-application? Well, OAuth is the reason you are having the problem you are describing, which is not exactly a problem but a feature of the API. See, OAuth connections are digitally signed therefore every time the user tries to login they are redirected to the OAuthAuthorizeToken page.

To solve your problems use AuthSub instead of OAuth. It is less secure but more convenient. Also it allows your application to simply receive a token saying that the user was verified by Goodle, therefore you wouldn't need to EVER store any information about your users this way.

Hope this helps!

Answer 3

There is an Oauth/OpenID hybrid solution (see source) - basically you ask for certain scope access, get basic user data and request token in return, then you exchange it for auth token and save it for future use.