oAuth on the control room

currently, we have each Bot doing oAuth authentication from stored credentials. Which means that the first time a Bot runs unattended, someone has to manually authorize the logins. Subsequent runs seem to work fine. But I'm pretty sure Google expires those oAuth tokens at some point. It would be nice not to have to manually re-enable those logins.