Not receiving Google OAuth refresh token

Question

I want to get the access token from Google   The Google API says that to get the access token  send the code and other parameters to token generating page  and the response will be a JSON Object like       access token     ya29 AHES6ZTtm7SuokEB-RGtbBty9IIlNiP9-eNMMQKtXdMP3sfjL1Fc    token type     Bearer    expires in    3600   refresh token     1 HKSmLFXzqP0leUihZp2xUt3-5wkU7Gmu2Os eBnzw74      However  I m not receiving the refresh token   The response in my case is       access token     ya29 sddsdsdsdsds h9v nF0IR7XcwDK8XFB2EbvtxmgvB-4oZ8oU    token type     Bearer    expires in    3600

User · Answer

I d like to add a bit more info on this subject for those frustrated souls who encounter this issue  The key to getting a refresh token for an offline app is to make sure you are presenting the consent screen  The refresh token is only returned immediately after a user grants authorization by clicking  quot Allow quot    The issue came up for me  and I suspect many others  after I d been doing some testing in a development environment and therefore already authorized my application on a given account  I then moved to production and attempted to authenticate again using an account which was already authorized  In this case  the consent screen will not come up again and the api will not return a new refresh token  To make this work  you must force the consent screen to appear again by either  prompt consent  or approval prompt force  Either one will work but you should not use both  As of 2021  I d recommend using prompt consent since it replaces the older parameter approval prompt and in some api versions  the latter was actually broken  https   github com googleapis oauth2client issues 453   Also  prompt is a space delimited list so you can set it as prompt select account 20consent if you want both  Of course you also need  access type offline  Additional reading   Docs  https   developers google com identity protocols oauth2 web-server request-parameter-prompt Docs  https   developers google com identity protocols oauth2 openid-connect re-consent Discussion about this issue  https   github com googleapis google-api-python-client issues 213

User · Answer

In order to get the refresh token you have to add both approval prompt force and access type  offline  If you are using the java client provided by Google it will look like this   GoogleAuthorizationCodeFlow flow   new GoogleAuthorizationCodeFlow Builder              HTTP TRANSPORT  JSON FACTORY  getClientSecrets    scopes               build     AuthorizationCodeRequestUrl authorizationUrl               flow newAuthorizationUrl   setRedirectUri callBackUrl                       setApprovalPrompt  force                        setAccessType  offline

User · Answer

I searched a long night and this is doing the trick   Modified user-example php from admin-sdk   client- gt setAccessType  offline     client- gt setApprovalPrompt  force     authUrl    client- gt createAuthUrl    echo   lt a class  login  href       authUrl      gt Connect Me  lt  a gt      then you get the code at the redirect url  and the authenticating with the code and getting the refresh token   client  - gt authenticate   GET  code     echo  client  - gt getRefreshToken      You should store it now     When your accesskey times out just do    client- gt refreshToken  theRefreshTokenYouHadStored

User · Answer

Rich Sutton s answer finally worked for me  after I realized that adding access type offline is done on the front end client s request for an authorization code  not the back end request that exchanges that code for an access token   I ve added a comment to his answer and this link at Google for more info about refreshing tokens   P S  If you are using Satellizer  here is how to add that option to the  authProvider google in AngularJS

User · Answer

For me I was trying out CalendarSampleServlet provided by Google  After 1 hour the access key times out and there is a redirect to a 401 page  I tried all the above options but they didn t work  Finally upon checking the source code for  AbstractAuthorizationCodeServlet   I could see that redirection would be disabled if credentials are present  but ideally it should have checked for refresh token  null  I added below code to CalendarSampleServlet and it worked after that  Great relief after so many hours of frustration   Thank God   if  credential getRefreshToken      null        AuthorizationCodeRequestUrl authorizationUrl   authFlow newAuthorizationUrl        authorizationUrl setRedirectUri getRedirectUri req        onAuthorization req  resp  authorizationUrl       credential   null

User · Answer

In order to get the refresh token you need to include access type offline in the OAuth request URL  When a user authenticates for the first time you will get back a non-nil refresh token as well as an access token that expires    If you have a situation where a user might re-authenticate an account you already have an authentication token for  like  SsjCosty mentions above   you need to get back information from Google on which account the token is for  To do that  add profile to your scopes  Using the OAuth2 Ruby gem  your final request might look something like this   client   OAuth2  Client new    ENV  GOOGLE CLIENT ID      ENV  GOOGLE CLIENT SECRET      authorize url   https   accounts google com o oauth2 auth     token url   https   accounts google com o oauth2 token       Configure authorization url client authorize url    scope   https   www googleapis com auth analytics readonly profile     redirect uri  callback url    access type   offline     prompt   select account      Note the scope has two space-delimited entries  one for read-only access to Google Analytics  and the other is just profile  which is an OpenID Connect standard   This will result in Google providing an additional attribute called id token in the get token response  To get information out of the id token  check out this page in the Google docs  There are a handful of Google-provided libraries that will validate and    decode    this for you  I used the Ruby google-id-token gem   Once you get it parsed  the sub parameter is effectively the unique Google account ID   Worth noting  if you change the scope  you ll get back a refresh token again for users that have already authenticated with the original scope  This is useful if  say  you have a bunch of users already and don t want to make them all un-auth the app in Google   Oh  and one final note  you don t need prompt select account  but it s useful if you have a situation where your users might want to authenticate with more than one Google account  i e   you re not using this for sign-in   authentication

User · Answer

Adding access type offline to the authorisation Google authorisation URL did the trick for me  I am using Java and Spring framework  This is the code that creates the client registration  return CommonOAuth2Provider GOOGLE                      getBuilder client                       scope  quot openid quot    quot profile quot    quot email quot    quot https   www googleapis com auth gmail send quot                        authorizationGrantType AuthorizationGrantType AUTHORIZATION CODE                       authorizationUri  quot https   accounts google com o oauth2 v2 auth access type offline quot                        clientId clientId                       redirectUriTemplate  quot  baseUrl   action  oauth2 code  registrationId  quot                        clientSecret clientSecret                       build     The important part here is the authorization URI  to which  access type offline is appended

User · Answer

I m using nodejs client for access to private data The solution was add the promp property with value consent to the settings object in oAuth2Client generateAuthUrl function  Here is my code  const getNewToken    oAuth2Client  callback    gt        const authUrl   oAuth2Client generateAuthUrl           access type   offline           prompt   consent           scope  SCOPES             console log  Authorize this app by visiting this url    authUrl      const rl   readline createInterface           input  process stdin          output  process stdout             rl question  Enter the code from that page here      code    gt            rl close           oAuth2Client getToken code   err  token    gt                if  err  return console error  Error while trying to retrieve access token   err              oAuth2Client setCredentials token                 Store the token to disk for later program executions             fs writeFile TOKEN PATH  JSON stringify token    err    gt                    if  err  return console error err                  console log  Token stored to   TOKEN PATH                             callback oAuth2Client                       You can use the online parameters extractor to get the code for generate your token  Online parameters extractor Here is the complete code from google official docs  https   developers google com sheets api quickstart nodejs I hope the information is useful

User · Answer

Setting this will cause the refresh token to be sent every time    client- gt setApprovalPrompt  force      an example is given below  php      client   new Google Client     client- gt setClientId  client id    client- gt setClientSecret  client secret    client- gt setRedirectUri  redirect uri    client- gt addScope  email     client- gt addScope  profile      client- gt setAccessType  offline     client- gt setApprovalPrompt  force

User · Answer

Using offline access and prompt consent worked well to me      auth2   gapi auth2 init                       client id    cliend id               auth2 grantOfflineAccess  prompt  consent    then signInCallback

User · Answer

now google had refused those parameters in my request  access type  prompt        and there is no  Revoke Access  button at all  I m frustrating because of getting back my refresh token lol  UPDATE  I found the answer in here  D you can get back the refresh token by a request https   developers google com identity protocols OAuth2WebServer     curl -H  Content-type application x-www-form-urlencoded              https   accounts google com o oauth2 revoke token  token       The token can be an access token or a refresh token  If the token is an access token and it has a corresponding refresh token  the refresh token will also be revoked       If the revocation is successfully processed  then the status code of the response is 200  For error conditions  a status code 400 is returned along with an error code

User · Answer

usr bin env perl      use strict      use warnings      use 5 010 000      use utf8      binmode STDOUT    encoding utf8         use Text  CSV XS      use FindBin      use lib  FindBin  Bin        lib       use Net  Google  Spreadsheets  V4       use Net  Google  DataAPI  Auth  OAuth2       use lib  lib       use Term  Prompt      use Net  Google  DataAPI  Auth  OAuth2      use Net  Google  Spreadsheets      use Data  Printer         my  oauth2   Net  Google  DataAPI  Auth  OAuth2- gt new           client id   gt   ENV CLIENT ID            client secret   gt   ENV CLIENT SECRET            scope   gt    https   www googleapis com auth spreadsheets               my  url    oauth2- gt authorize url          system  open   url         print  go to the following url with your browser  n        print   url n        my  code   prompt  x    paste code                  my  objToken    oauth2- gt get access token  code        my  refresh token    objToken- gt refresh token          print  my refresh token is    n          debug p  refresh token         p    objToken           my  gs   Net  Google  Spreadsheets  V4- gt new              client id        gt   ENV CLIENT ID             client secret    gt   ENV CLIENT SECRET             refresh token    gt   refresh token            spreadsheet id   gt   1hGNULaWpYwtnMDDPPkZT73zLGDUgv5blwJtK7hAiVIU              my  content   res        my  title    My foobar sheet        my  sheet    gs- gt get sheet title   gt   title          create a sheet if does not exit     unless   sheet               content   res     gs- gt request                POST   gt    batchUpdate                                       requests   gt                                                             addSheet   gt                                        properties   gt                                             title   gt   title                                           index   gt  0                                                                                                                                                                     sheet    content- gt  replies  0  addSheet              my  sheet prop    sheet- gt  properties          clear all cells      gs- gt clear sheet sheet id   gt   sheet prop- gt  sheetId           import data     my  requests           my  idx   0       my  rows               qw name age favorite      header           qw tarou 31 curry              qw jirou 18 gyoza              qw saburou 27 ramen                for my  row   rows             push  requests                  pasteData   gt                        coordinate   gt                             sheetId       gt   sheet prop- gt  sheetId                            rowIndex      gt   idx                             columnIndex   gt  0                                             data   gt   gs- gt to csv   row                       type   gt   PASTE NORMAL                       delimiter   gt                                                 format a header row     push  requests             repeatCell   gt                  range   gt                        sheetId         gt   sheet prop- gt  sheetId                       startRowIndex   gt  0                      endRowIndex     gt  1                                 cell   gt                        userEnteredFormat   gt                             backgroundColor   gt                                  red     gt  0 0                                green   gt  0 0                                blue    gt  0 0                                                       horizontalAlignment   gt   CENTER                            textFormat   gt                                  foregroundColor   gt                                        red     gt  1 0                                      green   gt  1 0                                      blue    gt  1 0                                                                bold   gt   1                                                                                    fields   gt   userEnteredFormat backgroundColor textFormat horizontalAlignment                              content   res     gs- gt request           POST   gt    batchUpdate                            requests   gt    requests                          exit        Google Sheets API  v4        Scopes       https   www googleapis com auth drive   View and manage the files in your Google D    i  rive       https   www googleapis com auth drive file View and manage Google Drive files and folders that you have opened or created with this app       https   www googleapis com auth drive readonly   View the files in your Google Drive       https   www googleapis com auth spreadsheets  View and manage your spreadsheets in Google Drive       https   www googleapis com auth spreadsheets readonly  View your Google Spreadsheets

User · Answer

1  How to get  refresh token     Solution  access type  offline  option should be used when generating authURL  source   Using OAuth 2 0 for Web Server Applications  2  But even with  access type offline   I am not getting the  refresh token     Solution  Please note that you will get it only on the first request  so if you are storing it somewhere and there is a provision to overwrite this in your code when getting new access token after previous expires  then make sure not to overwrite this value   From Google Auth Doc    this value   access type      This value instructs the Google authorization server to return a   refresh token and an access token the first time that your application   exchanges an authorization code for tokens    If you need  refresh token  again  then you need to remove access for your app as by following the steps written in Rich Sutton s answer

User · Answer

This has caused me some confusion so I thought I d share what I ve come to learn the hard way   When you request access using the access type offline and approval prompt force parameters you should receive both an access token and a refresh token  The access token expires soon after you receive it and you will need to refresh it    You correctly made the request to get a new access token and received the response that has your new access token  I was also confused by the fact that I didn t get a new refresh token  However  this is how it is meant to be since you can use the same refresh token over and over again   I think some of the other answers assume that you wanted to get yourself a new refresh token for some reason and sugggested that you re-authorize the user but in actual fact  you don t need to since the refresh token you have will work until revoked by the user

User · Answer

In order to get new refresh token each time on authentication the type of OAuth 2 0 credentials created in the dashboard should be  Other   Also as mentioned above the access type  offline  option should be used when generating the authURL   When using credentials with type  Web application  no combination of prompt approval prompt variables will work - you will still get the refresh token only on the first request

User · Answer

The refresh token is only provided on the first authorization from the user   Subsequent authorizations  such as the kind you make while testing an OAuth2 integration  will not return the refresh token again       Go to the page showing Apps with access to your account  https   myaccount google com u 0 permissions  Under the Third-party apps menu  choose your app  Click Remove access and then click Ok to confirm The next OAuth2 request you make will return a refresh token  providing that it also includes the  access type offline  query parameter    Alternatively  you can add the query parameters prompt consent amp access type offline to the OAuth redirect   see Google s OAuth 2 0 for Web Server Applications page    This will prompt the user to authorize the application again and will always return a refresh token

User · Answer

My solution was a bit weird  i tried every solution i found on internet and nothing  Surprisely this worked  delete the credentials json  refresh  vinculate your app in your account again  The new credentials json file will have the refresh token  Backup this file somewhere   Then keep using your app until the refresh token error comes again  Delete the crendetials json file that now is only with an error message  this hapenned in my case   then paste you old credentials file in the folder  its done   Its been 1 week since ive done this and had no more problems

[gdata] Not receiving Google OAuth refresh token

Examples related to gdata

Examples related to gdata-api

Examples related to access-token