TV: Token expiring without refresh token set

[ao-david]

When trying to send a broadcast to the network blue channel, we get the following error:

2024/06/24 00:49:09 (name: HVR Test Broadcast, id: SH41160z3gg) could not stop broadcast: could not get broadcast status: get broadcast status error: could not list broadcasts: Get "https://youtube.googleapis.com/youtube/v3/liveBroadcasts?alt=json&id=SH41160z3gg&part=status&prettyPrint=false": oauth2: token expired and refresh token is not set

This should not happen, as we do not want users to have to reauthenticate regularly

[scruzin]

Tokens should expire, just not too soon.

If users have a one-year subscription to Cloud Blue Premium, I would suggest a one-year expiration is appropriate.

[ao-david]

It seems based on the token I generated this morning that the tokens have an expiry of a single day or less.

I'm not quite familiar enough with oauth and the golang API to change settings, but have observed the following.

• Running locally (standalone) I have been able to generate tokens with refresh tokens to ensure that these tokens can be used ongoing.
• Running on the current deployment, the generated/saved tokens don't appear to have refresh tokens

[scruzin]

There are two types of tokens:

• The access token, which has a short lifespan, permits access to the resource.
• The refresh token, which has a long lifespan, acquires a new access token when the original one expires.

It sounds like the refreshing may not be happening.

[ao-david]

After some back and forth with @saxon-milton about this, we have discovered the following. We didn't have the refresh token in the bucket, meaning that we weren't able to refresh our access token properly. It turns out that this happened because a refresh token will only be returned on the first call to exchange token, any other subsequent calls will only return an access token. Somehow we stored not the first version of the token in the bucket, meaning that we didn't have a refresh token to refresh with.

This was rectified by removing cloudblue (/vidgrind project) access from our youtube connected application settings. This meant that when we re-authenticated we got the refresh token. Meaning this should not be an ongoing issue.

The main issue that we have now (being addressed by #161 and next prs) is that the callback pattern matching is being registered on every call to generateToken. This means that we can only generate a token once on an instance before the instance will crash.

[ao-david]

After merging #164 this issue is still occuring, likely due to the token being overwritten instead of refreshed when getting from the oauth.

Since we are storing the token under the current profiles email, we will know whether a token exists before making a user sign in again. We should check whether a token already exists, and if it does refresh it rather than getting a new token.