Google Cloud Storage requires constant reauthentication

NetDrive receives access token and refresh token from Google. NetDrive uses access token to access your files and it expires in 60 minutes. When the access token expires NetDrive uses refresh token to get new access token from Google. Refresh token expires in 6 months.

Your refresh token can be expired in 7 days if you use your own App (client id / secret) for Google Cloud Storage and your App is in “Testing” status.

A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of “Testing” is issued a refresh token expiring in 7 days.

If your app is in “Publishing” status your refresh token can expires for one of these reasons.

  • The user has revoked your app’s access.
  • The refresh token has not been used for six months.
  • The user changed passwords and the refresh token contains Gmail scopes.
  • The user account has exceeded a maximum number of granted (live) refresh tokens.
  • The user belongs to a Google Cloud Platform organization that has session control policies in effect.


As per my previous posts (here and here) that prompted this thread, I’m rather confused by the process of setting up a Google Cloud Storage account connection and hoped @ysh or someone else from the NetDrive team might be able to give a walk-through?

I think I have previously misunderstood the process around initial authorisation and Client ID/Secret stuff, as I am having to constantly re-authorise NetDrive. There is no mention of this step on the connection instructions within NetDrive’s help site.

I have no other OAuth set up within my Google APIs - I’m just trying to connect to a GCS Bucket that is used as an image CDN for a website.

The OAuth ‘app’ is in testing. Surely I don’t need to publish and do all of this, making it available publicly, just to set up a connection to a private Bucket?

If someone could provide an idiot-friendly walk-through from scratch it would be very helpful!