A refresh token is retrieved the very first time the user gives permission to your app. You can then store this token on your server for later use. This is a permanent token without expiration and it will last until the user revokes it. Revocation can be done online from the Account Permissions page.
More detail of the OAuth implementation for Google+ can be found on the Using OAuth 2.0 to Access Google APIs page. This example will assume you are familiar with the protocol and have already
set up an app and configured it for use with Google+ API.
This example is written in PHP and relies on the Google APIs Client Library for PHP (version 1.1).
So lets get started with some code. I am going to assume that the client ID and the client secret are defined with two variables as follows:
Now what we need to do is to generate a URL that is clicked by the user (or the user is redirected to) that will initiate the OAuth flow. When generating this URL, it's important to set the required scopes and any visible actions that will be needed by your app in the future. I also force the approval prompt in this case so that I am guaranteed to get a new token.
Last, it is critical to have a redirect URL set up back to yourself, this is the URL that the Google+ API will redirect to once the user has authorised your app. This URL must be in the list of authorised redirect URIs for your app. In this case, I use redirect to the request.php page and also set a parameter gp so that my code can know that the request came from the Google+ API. The code looks to see if the gp URL parameter was set, the 'Get Access' link is only generated if it has not.
Continuing with the same source file, the code below is run after Google has redirected back to you. The gp and code URL parameters are checked. The former is something I've defined, the latter is something that Google sends back. The code parameter is used for the final part of the OAuth flow, then we can get the refresh token and save it for later use. The save_token() method is not shown here, this method should permanently store the fetched token to your server in a secure location.
At this point, the refresh token is available to make other calls to the Google+ API. So lets see how it's used. Another script is needed for that since the previous one only dealt with requesting and storing the token.
What the code above does is load the previously saved token. The load_token() method is not shown here, but should load the refresh token from a location on your server. After we have the refresh token, the refreshToken() method is called on the Google+ client to get a new access token, which is then verified. After this point a Google+ service is created by passing in the client object. Then, a simple app activity is written.