Invalidated Google Photos Refresh Token (every week)

Unfortunately I don’t think there is a solution for this. See the other threads corresponding to this. Only one person confirmed a working solution. Not sure if that fix will work for you.

Hi Sayontan – thanks for the reply! Woops, I missed seeing those threads when I searched.

Would you consider adding a feature to allow unauthenticated access to shared albums?
– If it’s just shared albums, would this be possible without an API token?
– I’d also feel more comfortable security-wise to not give photonic access to all of my photos

Thanks,
Andrew

Would you consider adding a feature to allow unauthenticated access to shared albums?

This is less about what I would consider vs what Google will allow. Google has zero provision for unauthenticated access. This was possible with the old Picasa API (prior to 2019), but not the current API.

If it’s just shared albums, would this be possible without an API token?

Again, not possible. Though Google seemingly provides a shared URL, that is literally the URL of a page hosted by Google. It is not something that can be parsed by an external application to determine photos.

– I’d also feel more comfortable security-wise to not give photonic access to all of my photos

Actually you have not given Photonic any access whatsoever. Remember: you are creating your own client id, building your own consent screen, doing the authentication using it etc. Photonic or something built by me is nowhere in the picture. Photonic comes in a lot later, after the authentication is done, to parse the results. You can verify for yourself: when you look at who or what has access to your photos, you will see your client id and nothing from me.

Thanks so much for all this explanation! It’s helpful in understanding how it works.

> Google has zero provision for unauthenticated access

Ah, that’s too bad. It’s weird that this is the case. Eg, I have a shared album https://photos.app.goo.gl/qmueD6DbS2649C8h9. Anyone can see the photos, even in incognito mode not logged in to google. It’s weird that it’s not possible to display them through an api, when anyone can publically see them at that url.

> Actually you have not given Photonic any access whatsoever. Remember: you are creating your own client id, building your own consent screen, doing the authentication using it etc

Ah, right. To clarify, my issue was that I mistakenly forgot to pass in an album id once, and it allowed people to see all my photos stored in google photos. Ideally I’d like the client id to only have access to photos I’m sharing publically.

It’s weird that it’s not possible to display them through an api, when anyone can publically see them at that url.

As I have written in my previous post, though Google seemingly provides a shared URL, that is literally the URL of a page hosted by Google. It is not something that can be parsed by an external application to determine photos. More specifically, it is not the result of an API call, and the output is not structured data.

Ideally I’d like the client id to only have access to photos I’m sharing publically.

You could do this by setting an additional parameter as documented. However, there is a catch – this will not only show the albums that you have shared, but it will also show the albums that others have explicitly granted access you to. Again, these are quirks of Google’s API, which is nowhere close to best-of-breed.

> More specifically, it is not the result of an API call, and the output is not structured data.

Ah, got it. Thanks for explaining this

> You could do this by setting an additional parameter as documented

Perfect, I missed reading that, but will start using it – thanks!