Refresh token flow

Overview

Some integrators expect their payment tokens to expire. In this situation, as the token nears its expiration, Google will authenticate the user again and extend the token's expiration. This is called the refresh token flow, or re-association flow. During this flow, the integrator tells Google when the payment token expires.

How the flow works

If a token has expired, or is about to expire, this flow will go through the process of renewing the expiry date.

Refresh Token Flow

Here is a list of the object represented in the diagram above:

• Google Server: The backend server at Google that sends the capture command to the Payment Integrator Server.
• Payment Integrator Server: The backend server of the integrator that accepts the request for a funds capture.

In this flow, the token either has expired or is near expiry. The action begins with the Payment Integrator Server.

1. The Payment Integrator Server tells the Google Server that the token has expired or is about to expire.
2. The Google Server sends a refreshToken message to the Payment Integrator Server. This includes the authenticationRequestId, and GPT as proof of authentication.
3. The Payment Integrator Server refreshes the token with a new expiry date. This may occur whether the original token has expired or not.
4. The Payment Integrator Server sends the Google Server a Success message.

Best practices and other considerations

The googlePaymentToken sent to the Payment Integrator Server will not be a new token, but an existing token that has already been established via associateAccount. If the token is unknown an error message of FAILED_PRECONDITION should be returned.