3

I am using oauth2 (node.js and the connect-oauth library) to connect to the Google contacts API version 3.0.

Doing so, I get a response such as:

{ access_token : "...",
"token_typen": "Bearer",
"expires_in" : 3600,
"id_token": "..." }

I am missing the refresh token used to get a new access token as soon as the latter is expired.

Options for OAuth2:

{ host: 'accounts.google.com',
  port: 443,
  path: '/o/oauth2/token',
  method: 'POST',
  headers: 
   { 'Content-Type': 'application/x-www-form-urlencoded',
     Host: 'accounts.google.com',
     'Content-Length': 247 } }

post-body

redirect_uri=http%3A%2F%2Flocalhost%2Foauth2callback&grant_type=authorization_code&client_id=CLIENTID&client_secret=CLIENTSECRET&type=web_server&code=4%2F3gbiESZTEOjiyFPLUhKfE_a_jr8Q

NOTE: I tried to add approval_prompt=force from a similar question to the request-post_body but this resulted in an Error

{ statusCode: 400, data: '{\n  "error" : "invalid_request"\n}' }
vytaute
  • 1,260
  • 4
  • 16
  • 36
forste
  • 1,103
  • 3
  • 14
  • 33

2 Answers2

3

NOTE: I tried to add approval_prompt=force from a similar question to the request-post_body but this resulted in an Error

You don't need the approval_prompt param when you ask for a token. The *approval_prompt* param is for the authorization part.

I am missing the refresh token...

The only way you DON'T get a *refresh_token* is when:

So, try adding: access_type=offline, to the authorization code request.

Edit:

i.e.:

https://accounts.google.com/o/oauth2/auth?client_id=**your_client_id**&scope=https://www.googleapis.com/auth/plus.me&redirect_uri=http://localhost&response_type=code&access_type=offline

If you're getting 400 is because you are adding an invalid parameter or missing one.

Good luck!

Antonio Saco
  • 1,620
  • 12
  • 21
  • thanks for your answer. Unfortunantely that doesn't work either. I get an error: { statusCode: 400, data: '{ "error" : "invalid_request"}' }. – forste Apr 17 '12 at 16:29
2

One time I did this was testing - I had deleted the google authorisation token from the app - so it tried to get another one and it did but without a refresh token.

So check the app you are testing is not authorised for the account you are testing from (does that make sense?)

Paul S Chapman
  • 832
  • 10
  • 37
  • Google will only give you a refresh token once. After the initial auth, you will only get access tokens. You can get a new refresh token if you (or your users) remove access by visiting https://accounts.google.com/b/0/IssuedAuthSubTokens and starting the auth sequence over from the beginning. – HardScale Feb 06 '14 at 03:24
  • That is the answer that helped me. I was testing and trying to get refresh token from my own account (that I registered Google API on). – vytaute Mar 30 '23 at 07:26