Can we suppress Google from automatically trying to refresh on expired tokens?

[nick-catalist]

We need to capture user's Google Auth Tokens to securely store on our own side. I want to prevent Google from attempting to refresh the token on requests itself, since then it refreshes the token, and we are never informed of this.

Currently, we work around this by not providing the refresh token when initializing the client, and then catching the RefreshError that gets emitted and then POSTing a request to refresh the token ourselves.

However, I suspect this is causing problems sometimes, e.g. when we refresh the token and a Google client that has the old token makes a call and attempts a refresh internally, this might be causing Google to invalidate all active tokens via automatic reuse detection.

I wonder if there is just a way that we can tell the Google python API client to not attempt a refresh at all, but instead just return the 401 response/error so that we can handle refreshes ourselves?

For context, we are initializing our clients like so:

google_credentials = google.oauth2.credentials.Credentials(token=access_token)
service = googleapiclient.discovery.build("calendar", "v3", credentials=google_credentials)

And an example call we're making where we'd like it to NOT try a refresh:

self.service.events()
                .list(
                    calendarId="primary",
                    timeMin=time_min,
                    timeMax=time_max,
                    orderBy="startTime",
                    singleEvents=True,
                    maxResults=results_per_page,
                    pageToken=page_token,
                )
                .execute()

[derwaro]

I'm in the same situation.
How long can the library go on auto-refreshing using the refresh-token? I implemented some logic as of now that should trigger, when the refresh does fail eventually, but how can I be sure of that?