Stay organized with collections
Save and categorize content based on your preferences.
Overview
Some integrators expect their payment tokens to expire. In this situation, as the token nears its expiration, Google will authenticate the user again and extend the token's expiration. This is called the refresh token flow, or re-association flow. During this flow, the integrator tells Google when the payment token expires.
How the flow works
If a token has expired, or is about to expire, this flow will go through the process of renewing the expiry date.
Refresh Token Flow
Here is a list of the object represented in the diagram above:
Google Server: The backend server at Google that sends the capture command to the Payment Integrator Server.
Payment Integrator Server: The backend server of the integrator that accepts the request for a funds capture.
In this flow, the token either has expired or is near expiry. The action begins with the Payment Integrator Server.
The Payment Integrator Server tells the Google Server that the token has expired or is about to expire.
The Google Server sends a refreshToken message to the Payment Integrator Server. This includes the authenticationRequestId, and GPT as proof of authentication.
The Payment Integrator Server refreshes the token with a new expiry date. This may occur whether the original token has expired or not.
The Payment Integrator Server sends the Google Server a Success message.
Best practices and other considerations
The googlePaymentToken sent to the Payment Integrator Server will not be a new token, but an existing token that has already been established via associateAccount. If the token is unknown an error message of FAILED_PRECONDITION should be returned.
All rights reserved. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-09-03 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-09-03 UTC."],[[["\u003cp\u003eGoogle automatically extends expiring payment tokens through a refresh token flow, requiring re-authentication.\u003c/p\u003e\n"],["\u003cp\u003eIntegrators inform Google of token expiration, initiating the refresh process where Google provides authentication proof.\u003c/p\u003e\n"],["\u003cp\u003eThe integrator updates the token's expiration date and confirms success to Google, potentially declining the refresh like an initial association.\u003c/p\u003e\n"],["\u003cp\u003eThe refresh token flow uses the existing payment token, returning an error if the token is unknown to the integrator.\u003c/p\u003e\n"],["\u003cp\u003ePayment tokens have a minimum lifetime of one year and the refresh process can occur before the token actually expires.\u003c/p\u003e\n"]]],["The Payment Integrator Server informs the Google Server when a payment token expires or is near expiry. Google then sends a `refreshToken` message, including an `authenticationRequestId` and `GPT`, to the Payment Integrator Server. The Integrator refreshes the token with a new expiry date, which has a minimum lifetime of one year, then confirms the success to Google. The `googlePaymentToken` used in this process is an existing token, not a new one. If token is not known, it returns a `FAILED_PRECONDITION` error message.\n"],null,["Overview\n\nSome integrators expect their payment tokens to expire. In this situation, as the token nears its expiration, Google will authenticate the user again and extend the token's expiration. This is called the refresh token flow, or re-association flow. During this flow, the integrator tells Google when the payment token expires.\n| **Note:** The token's minimum lifetime is one year.\n\nHow the flow works\n\nIf a token has expired, or is about to expire, this flow will go through the process of renewing the expiry date.\n\nRefresh Token Flow\n\nHere is a list of the object represented in the diagram above:\n\n- **Google Server**: The backend server at Google that sends the capture command to the Payment Integrator Server.\n- **Payment Integrator Server**: The backend server of the integrator that accepts the request for a funds capture.\n\nIn this flow, the token either has expired or is near expiry. The action begins with the Payment Integrator Server.\n\n1. The Payment Integrator Server tells the Google Server that the token has expired or is about to expire.\n2. The Google Server sends a [`refreshToken`](/standard-payments/payment-processor-service-api/v1/TopLevel/refreshToken) message to the Payment Integrator Server. This includes the `authenticationRequestId`, and `GPT` as proof of authentication.\n3. The Payment Integrator Server refreshes the token with a new expiry date. This may occur whether the original token has expired or not.\n4. The Payment Integrator Server sends the Google Server a Success message.\n\n| **Note:** The integrator can choose to decline the refresh for the same reasons an initial association is declined.\n\nBest practices and other considerations\n\nThe [`googlePaymentToken`](/standard-payments/payment-processor-service-api/v1/TopLevel/refreshToken) sent to the Payment Integrator Server will not be a new token, but an existing token that has already been established via [`associateAccount`](/standard-payments/payment-processor-service-api/v1/TopLevel/associateAccount). If the token is unknown an error message of `FAILED_PRECONDITION` should be returned."]]
