3

I'm using OAuth2 on a web server and the flow works flawlessly (https://developers.google.com/accounts/docs/OAuth2WebServer).

However, I have some situations in which I need to re-acquire a refresh_token (let's say for example that the refresh_token has been "lost").

In this case, when I go through stages 1&2 again, I only get an access_token and not a refresh_token. If the user revokes permission through his Google account console and goes through stages 1&2 again, I will get a new refresh_token.

Is this known OAuth2 behavior? Is there a way to force a new refresh_token or get the same one again?

Kara
Tomer Weller

2 Answers

8

From https://developers.google.com/accounts/docs/OAuth2WebServer:

Important: When your application receives a refresh token, it is important to store that refresh token for future use. If your application loses the refresh token, it will have to re-prompt the user for consent before obtaining another refresh token. If you need to re-prompt the user for consent, include the approval_prompt parameter in the authorization code request, and set the value to force.

Mikulas Dite
Tomer Weller
0

Better answer is here. You have to add the parameter approval_prompt=force in your POST request for the token.

Community
Adeem
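
As an added example (not code from the question, the answers or Google's documentation), this Python sketch builds the authorization code request with approval_prompt=force and merges token responses so that a repeat response without a refresh_token signals re-consent instead of erasing stored state. The endpoint URL, the access_type=offline and state parameters, the function names and the sample values are assumptions.

```python
from urllib.parse import urlencode

# Assumption: Google's OAuth2 authorization endpoint (not shown on this page).
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"


def build_auth_url(client_id, redirect_uri, scope, state, force_consent=False):
    """Build the authorization code request (stage 1 of the web server flow).

    force_consent=True adds approval_prompt=force, which re-prompts the user
    and lets the following code exchange return a refresh_token again.
    """
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,            # anti-CSRF value, compared on the callback
        "access_type": "offline",  # assumption: request offline access
    }
    if force_consent:
        params["approval_prompt"] = "force"
    return AUTH_ENDPOINT + "?" + urlencode(params)


def merge_token_response(stored, response):
    """Fold a token endpoint JSON response into the stored credentials.

    Returns (credentials, needs_reconsent). A response that carries no
    refresh_token never overwrites one that is already stored; if none is
    held at all, the caller should restart the flow with force_consent=True.
    """
    creds = dict(stored or {})
    creds["access_token"] = response["access_token"]
    if response.get("refresh_token"):
        creds["refresh_token"] = response["refresh_token"]
    return creds, "refresh_token" not in creds


# Constructed sample responses: first consent, then a repeat of stages 1&2.
FIRST = {"access_token": "at-1", "refresh_token": "rt-1", "expires_in": 3600}
REPEAT = {"access_token": "at-2", "expires_in": 3600}

if __name__ == "__main__":
    creds, reconsent = merge_token_response(None, REPEAT)  # token was "lost"
    if reconsent:
        print(build_auth_url("client-id", "https://app.example/cb",
                             "email", "state-123", force_consent=True))
```

Store the refresh_token server-side with the same care as a password, since it stays valid until the user revokes access.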