2

I'm using the google-api-java-client version 1.8-beta for oAuth2 authentication with Google accounts. Everything fine until I get the GoogleTokenResponse object, which has the access token but not refresh token. To build the request url I user the following method :

...
    googleAuthenticationUrl = new GoogleAuthorizationCodeRequestUrl(CLIENT_ID, callBackUrl, scopes).build();
...

When getting the request token I exchange it with an access token in this line :

...
GoogleTokenResponse tokenResponse =  new GoogleAuthorizationCodeTokenRequest(new NetHttpTransport(), new JacksonFactory(), CLIENT_ID, CLIENT_SECRET, request.getParameter(CODE_URL_PARAM), callBackUrl).execute();
...

The returned GoogleTokenResponse object does not contains the refresh token : 

{"access_token":"ya29.AH..etc...9-Y","expires_in":3600,"token_type":"Bearer"}

Could you please shed my light on this issue ? Thank you very much for your help!

PapelPincel
  • 4,255
  • 6
  • 39
  • 49

3 Answers3

5

When building the request Url, you should set the Access Type :

requestUrl = new GoogleAuthorizationCodeRequestUrl(googleClientId, callBackUrl, scopes)
    .setApprovalPrompt("force") // needed if user already granted permission
    .setAccessType("offline")
    .build();

As described in this page setting this parameter is recommended :

[...] We recommend that you explicitly set the access_type parameter to offline because we anticipate that when the online value is introduced, it will be as the default behavior. This could cause unexpected changes in your application since it would affect the way that your application is allowed to refresh access tokens. By explicitly setting the parameter value to offline, you can avoid any changes in your application's functionality. [...]

Charlie
  • 8,530
  • 2
  • 55
  • 53
PapelPincel
  • 4,255
  • 6
  • 39
  • 49
  • 1
    in GoogleAuthorizationCodeFlow.Builder : Upgrade warning: prior to version 1.10 the default was {@code "offline"}. However, starting with version 1.10 it is {@code null}, which means {@code "online"} for web applications. To keep the prior behavior, you need to explicitly call {@code setAccessType("offline")}. – koma Aug 19 '12 at 01:27
  • If what you (PapelPincel) write (taken from Google Developer page) were correct i'd say that is not sufficient to "Auto-refresh the token before it expires" (as https://developers.google.com/oauthplayground/ says). So how do i refresh access token in the background without ask an other time to User to make a new Authorization? – Aerox Jun 09 '14 at 20:04
2

In addition to PapelPincel's answer, I had to also force the approval prompt using the .Net release 1.8.1.970 to get the refresh token. eg

var authReq = new GoogleAuthorizationCodeRequestUrl(new Uri(GoogleAuthConsts.AuthorizationUrl)) { 
    RedirectUri = Callback, 
    ClientId = ClientId, 
    AccessType = "offline", 
    Scope = string.Join(" ", new[] { Scopes... }), 
    ApprovalPrompt = "force" 
};
Sir CodesALot
  • 946
  • 1
  • 15
  • 16
0

For anyone getting here from a Google search, I was not using the pure server side flow, so was getting the authorization token via javascript as in this doc, @PapelPincel answer was a hint for me.

You should add data-accesstype="offline" to your button as in the following snippet:

Example:

          <span
            data-accesstype="offline"
            class="g-signin"
            data-callback="signinCallback"
            data-clientid="CLIENT_ID"
            data-redirecturi="postmessage"
            data-cookiepolicy="single_host_origin"
            data-requestvisibleactions="http://schemas.google.com/AddActivity"
            data-scope="https://www.googleapis.com/auth/plus.login">
          </span>
redochka
  • 12,345
  • 14
  • 66
  • 79