Invalid attachment token gmail api

Question

I am trying to get an attachment from gmail api -

https://developers.google.com/gmail/api/v1/reference/users/messages/attachments/get#try-it

Token is main user token - I can read emails with this token, id and message id and is correct.

Do I need decode attachment id?
I get if loke that $p->getBody()['attachmentId']

attachmentid is ANGjdJ9jgabAPGnlI7oCAAEvz_Jo-xNYh4-kf9NoCyn-aRPPlf8KuRTsbolmQH0bdDl4Qh3UdfWCBBl8Roaly-rxqRoxTotvIEmls8zqCkFasvFcC-wvQ_6Qun2RM8f8SCDvVpmwguVf6fvWfkl1uu5qdu3iR-GzpyU6zLsV0wcwVuiTtPNh8XjAuqKvFk7PaVgDiNW_Lwk_DDEWP8UxfTqw2afanJMNY5GrqPLhga6FmarDIh5AiM67tY6x5Vl

I also try this in online test but have error.
What is attachment token? other token?

I test token here https://www.googleapis.com/oauth2/v1/tokeninfo?access_token= and it is valid

"scope": " https://mail.google.com/ https://www.googleapis.com/auth/drive ",
 "expires_in": 3518,
 "verified_email": true,
 "access_type": "offline"

Update 1

this example

$token = $client->getAccessToken();
$authObj = json_decode($token);
if(isset($authObj->refresh_token)) {
save_refresh_token($authObj->refresh_token);
}


$token = $client->getAccessToken();

is array not json

"access_token" => "ya29.Ci-XA8H0Qq33gA00E92Nx9CQufeG3U4NvyHUFbUUzyXcOEp50FbuK-z1hic8aNbxZg"
  "token_type" => "Bearer"
  "expires_in" => 3600
  "id_token" => ....
"created" => 1479227459

i can`t get refresh_token - i get access_token from auth_code

 $client->setApprovalPrompt('force');
            $client->setAccessType ("offline");

            $client->authenticate($tokenCode);

            $token = $client->getAccessToken();

i have token but without refresh_token why ?

Answer 1

You should use standard OAuth 2.0 for Web Server Applications. Your app receives short lived access token which let it access those resources and refresh token to allow long term access and make sure you add the offline flag on your oauth2 authorization. You will receive a token that will expire in 3600 seconds or one hour and it is normal to be expired. So you need to use refresh token to get a new working token.

Here are the steps that you need:

$token = $client->getAccessToken();
$authObj = json_decode($token);
if(isset($authObj->refresh_token)) {
save_refresh_token($authObj->refresh_token);
}

It is important to save this refresh_token, then you can update it with

$client->refreshToken($your_saved_refresh_token);
And then set your new access token to the session:

$_SESSION['access_token'] = $client->getAccessToken();

I did some research and found SO ticket which can help you understand oauth web flow: How to refresh token with Google API client?