Google OAuth 2.0 Refresh Token

0
votes

I am creating a web application that requires Google OAuth authentication.

I have successfully recieved the refresh and access token, however, I cannot seem to get the refresh token again.

I understand that I need to revoke access from my account in order to get the refresh token again. However this does not seem to work on the multiple accounts that I have tested this on.

login.php

<?php

$url = "https://accounts.google.com/o/oauth2/auth";

$params = array(
    "response_type" => "code",
    "client_id" => "xxxx.apps.googleusercontent.com",
    "redirect_uri" => "http://xxxx.net/auth/callback",
    "scope" => "https://www.googleapis.com/auth/plus.me"
    );

$request_to = $url . '?' . http_build_query($params);

header("Location: " . $request_to);
?>

callback.php

<?php

$url = "https://accounts.google.com/o/oauth2/auth";
$client_id = xxxx.apps.googleusercontent.com";
$client_secret = "xxxx";
$redirect_uri = "http://xxxx.net/auth/callback";
$access_type = "offline";
$approval_prompt = "force";
$grant_type = "authorization_code";
$scope = "https://www.googleapis.com/auth/plus.me";


$params_request = array(
    "response_type" => "code",
    "client_id" => "$client_id",
    "redirect_uri" => "$redirect_uri",
    "access_type" => "$access_type",
    "approval_prompt" => "$approval_prompt",
    "scope" => "$scope"
    );

$request_to = $url . '?' . http_build_query($params_request);

if(isset($_GET['code'])) {
    // try to get an access token
    $code = $_GET['code'];
    $url = 'https://accounts.google.com/o/oauth2/token';
    $params = array(
        "code" => $code,
        "client_id" => "$client_id",
        "client_secret" => "$client_secret",
        "redirect_uri" => "$redirect_uri",
        "grant_type" => "$grant_type"
    );

    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

    $json_response = curl_exec($curl);
    curl_close($curl);

    $authObj = json_decode($json_response);

    echo "Refresh token: " . $authObj->refresh_token;
    echo "Access token: " . $authObj->access_token;

    exit("Done.");
}

header("Location: " . $request_to);

?>

Within callback.php, I have attempted to modify the $params_request array to include the arrival_prompt="force" configuration, which is supposed to require user authentication and return the refresh token. However this does not work for me either.

I have even went as far as to regenerate the client ID, revoke access from my account, clear my cache, and reattempt connection, yet still only recieve the access token! What is wrong? Could someone please provide me with a solution and a way to consistently get back the refresh token.

Thank you in advance for your help and time.

1
phpoauthoauth-2.0google-oauthgoogle-login

1 Answers

1
votes

To get a new refresh token for your client you first need to revoke the existing/old refresh token by revoking access for your client in the Account Permissions tab for your Google account and then ask for access_type=offline again. Revoking access for clients is done here: https://security.google.com/settings/security/permissions?pli=1