No refresh token / permission to access data while offline (google-oauth)

0
votes

According to the documentation here:

https://developers.google.com/accounts/docs/OAuth2WebServer#offline

Requests with access_type=offline in the querystring should grant a permission to access data while the user is offline and result in google sending a refresh token when the user accepts. This is no longer happening as of a few days ago. Does anyone know what changed or if there is a better way to go about getting an access/refresh token?

Apparently this can occur if the account you are trying to link has already granted the permissions (in which case you need to revoke the permissions on that google account before trying again). In our case it is happening even with revoked permissions.

1
google-oauth

1 Answers

1
votes

If you are asking offline access and still not getting a refresh token that means that for that particular user a refresh token was already issued and the authorization request was auto-approved. See the "Important" block.

It is possible that there are multiple refresh tokens issued for that given user, how did you revoke permissions?

In order to recover from this situation you have to suppress auto-approval by adding prompt=none to the request (approval_prompt=force is the old way): https://developers.google.com/accounts/docs/OAuth2Login#authenticationuriparameters

Make sure you suppress auto-approval only in these corner cases.