server side login session using 3rd party login
I'm building an app which leverages Sencha IO (messaging, channels etc.) and allows authentication via external providers (FB, Google etc.)
On it's own this works fairly straight-forward, however I also need to keep a login session on the server side for ACL and some other things. This is where the fun starts..
The flow I figured is needed to accomplish this is as following:
1) (web) app redirects browser to eg. google https://accounts.google.com/o/oauth2/auth?...
2) user provides un/pw and gives permissions to app
3) google redirects back to app with authorization code in query string
4) sencha io exchanges code for access token
Up until here, all goes well..
Going by https://developers.google.com/+/web/...to-server-flow i continue with:
5) app sends token to server
6) server verifies token according to step 8 described here:
Unfortunately, this keeps failing because is seems that when the token expires or the user logs out, and logs back in, I keep getting the same (now invalid/expired) token from sencha io.
Also, I can't seem to get a refresh token and/or expire time of the token.
Am I missing something? Am I going about that completely the wrong way?
I feel dead in the water and in need of help..