Build a redirected flow in 3 steps via toplytics.presslabs.net so that the client id and client secret will not be leaked to the end user when connecting via the public method.
Keep a record of all refresh_tokens on toplytics.presslabs.net so that we can revoke access in case something is off.
The steps are:
client site => toplytics.presslabs.net/auth?return_url=...
topltyics.presslabs.net => google auth to grant access
google auth => return to toplytics.presslabs.net (which stores the user as well that came from google)
toplytics.presslabs.net => return to client return_path with the refresh_token
Build a redirected flow in 3 steps via toplytics.presslabs.net so that the client id and client secret will not be leaked to the end user when connecting via the public method.
Keep a record of all refresh_tokens on toplytics.presslabs.net so that we can revoke access in case something is off.
The steps are: