8
votes

I am trying to fetch the user's profile using the Google OAuth2 API. After user authentication, on the consent page, I am always asked for "Have Offline Access".

The URL in the browser looks like this:

https://accounts.google.com/o/oauth2/auth?scope=email&response_type=code&redirect_uri=https://localhost/google_oauth2_login&state=YbzrDo&client_id=asdfasdf-60qhnqf6asdfasdfasdfcopo3plhoj.apps.googleusercontent.com&hl=en-US&from_login=1&as=604c0f3asdfasdf

As visible in the URL above, I have passed the scope parameter as 'email'.

The Google Auth API page says:

"This scope requests that your app be given access to:

  • the user's Google account email address. You access the email address by calling people.get, which returns the emails array (or by calling people.getOpenIdConnect, which returns the email property in OIDC-compliant format).
  • the name of the Google Apps domain, if any, that the user belongs to. The domain name is returned as the domain property from people.get (or hd property from getOpenIdConnect).

This email scope is equivalent to and replaces the https://www.googleapis.com/auth/userinfo.email scope."

Why am I asked for Offline Access every time?


Google API Console Page for WEB APPLICATION

5
This happens if there are outstanding tokens. Revoke them to solve it. More here: stackoverflow.com/questions/21405274/… - amwinter

5 Answers

9
votes

I had the same problem, and after googling for a long while, I found this link:

"This app would like to: Have offline access" when access_type=online

It suggests removing 'localhost' in the redirect_uri, and it works for me.

7
votes

Because you are redirecting back to http(s)://localhost:/. This makes sense because any app that requests redirection to localhost is obviously running locally.

Redirect it to a public web address and it will not bother you.

2
votes

If you are using the Node.js module 'everyauth', you can override Google's default value with:

.authQueryParam({ access_type: 'online', approval_prompt: 'auto' })

1
votes

There are two parameters which can cause this prompt:

  • access_type (if it is 'offline', get refresh token)
  • approval_prompt (if it is 'force')

A reference about this can be found here.

Try changing the approval_prompt parameter to 'auto', or add it to your request, and check that the access_type parameter is 'online', or add it to your request.

0
votes

Looks like you have registered your client as a "Native Application" instead of a "Web Application". Native apps get a refresh token by default, which is a long-lived token, for which the Resource Owner gets a notification and a consent screen because of its inherent security implications. Change your client type to "Web Application", assuming that's what it is...
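
The following is an added example, not code from the question or from any of the answers above. It inspects an authorization URL for the settings the answers associate with the "Have offline access" prompt (access_type, approval_prompt, a localhost redirect_uri) and rebuilds the request with the recommended values. The function names `auditAuthUrl` and `withOnlineAccess` are hypothetical, and the sample URL is constructed with a placeholder client_id.

```javascript
// Added example: checks a Google OAuth2 authorization URL for the parameters
// the answers above link to the "Have offline access" consent prompt.
// auditAuthUrl / withOnlineAccess are hypothetical helper names.

function auditAuthUrl(authUrl) {
  const params = new URL(authUrl).searchParams;
  const findings = [];

  const accessType = params.get('access_type');
  if (accessType === 'offline') {
    findings.push('access_type=offline requests a refresh token');
  } else if (accessType === null) {
    findings.push('access_type missing; answers suggest adding access_type=online');
  }

  if (params.get('approval_prompt') === 'force') {
    findings.push('approval_prompt=force re-prompts for consent on every login');
  }

  const redirect = params.get('redirect_uri');
  if (redirect) {
    const host = new URL(redirect).hostname;
    if (host === 'localhost' || host === '127.0.0.1') {
      findings.push('redirect_uri points at localhost');
    }
  }
  return findings;
}

// Rebuilds the same request with the values the answers recommend.
function withOnlineAccess(authUrl) {
  const url = new URL(authUrl);
  url.searchParams.set('access_type', 'online');
  url.searchParams.set('approval_prompt', 'auto');
  return url.toString();
}

// Constructed sample modelled on the question's URL (client_id is a placeholder).
const sample = 'https://accounts.google.com/o/oauth2/auth?scope=email' +
  '&response_type=code&state=YbzrDo&client_id=EXAMPLE.apps.googleusercontent.com' +
  '&redirect_uri=https%3A%2F%2Flocalhost%2Fgoogle_oauth2_login';

console.log(auditAuthUrl(sample));
console.log(auditAuthUrl(withOnlineAccess(sample)));
```

After `withOnlineAccess`, only the localhost redirect finding remains, which is the part the first two answers address by changing the registered redirect URI.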