Using OAuth2 Authenticator - HOw do i refresh token?

Hi Folks

Using OAuth 2 Authenticator to connect to google services.
However it doesn’t automatically refresh the token.

Any suggestions as to how i can achieve this?



Hey, I have a couple suggestions you could try:

  1. Check Token Expiry
  2. Refresh Token - Before making a request to Google services, check if the token is expired. If it is, use the refresh token provided by Google to get a new access token.
  3. Use a Library
  4. Handle Errors
1 Like

Ya that process is fairly straightforward.

There are no options in the oAUth 2 Authenticator to enter refresh token url, nor is it clear if it checks for token expiry and refresh.

I want to connect it to the Google COnnector, but i don’t know how you create one of those blue connectors it accepts.

there is the Palladian oAuth2 connector that appears to handle token refresh, but again, don’t know how to convert a table output to a blue connector.

If i try to use the Google Authenticator, i don’t know what redirect_url the node sets so it never matches my credentials.
When i thought i figured out the redirect_url and changed my credentials to match, it seems the Google Auth tool changes the re_direct expectation each time.

it seems wherever i look there is an element missing…

All i want is a stable connection to Google without the need of a service account, API method…

Let’s break down the issues and see if we can find solutions:
Refresh Token URL - The OAuth 2 Authenticator node in KNIME may not have an explicit option to set the refresh token URL. Instead, it should handle token refresh automatically based on the expiration time of the token.
Token Expiry and Refresh - As mentioned earlier, the Authenticator node should handle token expiry and refresh automatically. If it’s not doing so, you may need to check the node configuration or consult the documentation to ensure it’s set up correctly.
Creating a Custom Google Connector Creating a custom connector for Google services in KNIME typically involves creating a new node using the KNIME SDK. This process can be complex and requires Java programming knowledge. If you’re looking for a simpler solution, you may want to explore existing nodes or plugins that provide the functionality you need.
Matching Redirect URL - The redirect URL used by the Google Authenticator node should be set to urn:ietf:wg:oauth:2.0:oob for out-of-band authentication. This is a standard redirect URL used for desktop applications.
Stable Connection - If you’re still having trouble with the Google Authenticator node, you might consider using the Palladian OAuth2 Connector node instead. This node is designed to handle OAuth2 authentication and may provide a more stable connection to Google services.

Thanks Roberto

I think together with a colleague of yours you identified a core configuration we need to change.

When setting up the oAuth client ID we used Web Application as the application type. However @diego_rod_lop suggested to use desktop app and that also syncs with your suggestion.

We will try that, and hopefully via the Knime Google Authenticator we will have a stable connection.

Hello @Gavin_Attard ,
In general the Credentials port object (blue port) takes care of refreshing the session token as long as the refresh token is valid. Could you give a brief description about what nodes you are using right now, how they are connected and in which nodes the token refresh fails. Maybe include a screenshot of your workflow that explains it. This would help us to find the problem at hand.
If you cannot use the KNIME Analytics Platform default application for interactive authentication please setup a OAuth consent screen and OAuth client ID for a Desktop app as described in the linked Google documentation.



Hi Tobias

We have setup the gcp project, consent screen and client id.

Knime nodes used are:
Credentials Configuration and OAuth2 Connector

What seems to be happening is that it looses the ability to refresh (error: refresh token is missing)

We have resolved the core issue (we think, i’ll tell you in an hour :smiley: )