Auto manage a user's google app engine application

I am creating a service that will mange a user's google app engine application.

In it's simplest form. I am trying to do following functionality

  1. Show a oauth2.0 login button to user.

  2. The user clicks the button. The request will be redirected to google for oauth authentication. The user will authenticate based on the google apps domain account.

    Ex: A user is having qaleader@mycompany.com google apps domain account.

  3. The user logs into the account. This is working fine till now.

I am using passport-google-auth strategy with following configuration.

  passport.use(new GoogleStrategy({
      clientID: config.google.clientID,
      clientSecret: config.google.clientSecret,
      callbackURL: config.google.callbackURL
    },
    function(accessToken, refreshToken, profile, done) {
      return done(null, profile);
    }
  ));

The client ID and client secret is my client id and secret of the service that I am building.

The route configuration is as follows

  // Setting the google oauth routes
  router.route('/auth/google')
    .get(passport.authenticate('google', {
      failureRedirect: '/',
      accessType: 'offline',
      approvalPrompt: 'force',
      scope: [
        'profile',
        'email',
        'https://www.googleapis.com/auth/appengine.admin'
      ]
    }));

In passport verify callback I am getting user profile as well as access token and refresh token.

The authentication flow is working fine. After authentication the user is redirected to home screen. There I have provided a button to update the app engine app. On button click I am running this command

appcfg.py --oauth2_refresh_token=<token> update <path-of-application-to-update>


<token> Is the refreshToken I received in passport verify callback
<path-of-application-to-update> Is the local path of application to update.

After running this command I am getting following error in stdout

2014-09-16 19:17:24,355 ERROR client.py:440 Failed to retrieve access token: {
  "error" : "unauthorized_client"
}

In my google apps admin console I have created a dummy application. Under Authentication type I selected Google Apps Domain and I entered domain as mycompany.com.

The command is run from node.js using child process spawn.

The complete service is build using node.js.