I'm using nodemailer and Google OAuth2 to send emails. All the guides say to get a refresh token from oauthplayground. However, other sources say that refresh tokens from oauthplayground expire shortly and should only be used for testing. There is another StackOverflow question with the following answer:
"The solution is to use Oauth2 in your code to request consent of the user, then set your project to in production and store the refresh token locally within your app. Then handle any expired refresh tokens (if the user revokes your access) by requesting authorization again."
This does not make sense to me. Who is "the user"? Is it whoever happens to be accessing the app frontend, and their authorization is used to send emails?
I would like to be able to set a refresh token in the backend, and I would like to not have to keep updating the refresh token manually every few days. Is this possible? Does Google even provide non-expiring refresh tokens? If so, how do I get one?
When you use the OAuth Playground with the default credentials then yes, the refresh tokens will be automatically revoked within 24h.
What you need to do is configure the OAuth Playground with your own application credentials using the config icon on the top right and then the refresh tokens generated won't be automatically revoked.
You first need to create your own app and app credentials using the Google Cloud console And then create app credentials in the APIs and Services section