Refresh token is not returned after initial authorization

Question

This is a follow up to question Not receiving Google OAuth refresh token

The answer is "The refresh_token is only provided on the first authorization from the user."

After revoking rights for the app and trying to authorize again, refresh token is not returned. What I get is:

{ "access_token" : "XXXX..", "token_type" : "Bearer", "expires_in" : 3600, "id_token" : "XXXX..." }

Others suggested to use access_type=offline however, according to description offline access is used if:

"application needs to access a Google API when the user is not present at the browser"

which isn't the case for me.

What is a proper way to get refresh token?

Is this using the web server flow, or javascript client flow? — pinoyyid, Feb 24 '14 at 19:01
This is done one a server. Specifically I am using opauth library http://opauth.org/ — dev.e.loper, Feb 24 '14 at 19:34
then @jay's answer applies. You will only get a refresh token if both (a) you have requested one with access_type=offline *and* (b) the user specifically granted it (ie. initial grant, or approval_prompt = force) — pinoyyid, Feb 24 '14 at 19:39

Jay Lee · Accepted Answer · 2014-02-24T18:57:09.817

4

You only get a refresh token if access_type=offline is set. You have two choices of how to handle this:

Don't use access_type=offline. Your access token will be good for 1 hour. After the access token expires, re-prompt the user to authenticate again. They'll need to do the whole OAuth dance again so that you can get a new access token.
Use access_type=offline so that you can get a new access tokens via the refresh token. If you prefer, after the user logs out, you can revoke the tokens.

edited Feb 24 '14 at 18:57

answered Feb 24 '14 at 18:15

Jay Lee

13,415
3
28
59

While testing this, I am revoking application's access and user does go through authentication screen. However, I still don't get refresh_token. – dev.e.loper Feb 24 '14 at 18:27
you only get a refresh token if access_type=offline is set. – Jay Lee Feb 24 '14 at 18:46

score 1 · Answer 2 · answered Feb 25 '14 at 05:03

Every time When you reload you application page , Access Token is Refreshed or you can say the refresh token for this purpose you should use the following but First You Need the authentication

  gapi.auth.getToken().access_token;

i am also doing the same thing by the following Way

   var accessToken = gapi.auth.getToken().access_token;
    var xhr = new XMLHttpRequest();
    xhr.setRequestHeader('Authorization', 'Bearer ' + accessToken);

You can use this to avoid your problem "refresh token is not returned".

Thank You!!

This is the client side Javascript Way – TheDean Feb 25 '14 at 05:20 — TheDean, Feb 25 '14 at 05:20

Refresh token is not returned after initial authorization

2 Answers2