1

In my Java/Ionic2 application, I request, through REST services, authentication to Google Drive with the refresh token, and then with access_type=offline, as described here: https://developers.google.com/identity/protocols/OAuth2WebServer#refresh.

The server responds 200 OK, so it gives me a refresh and an access token, only the first time I request access. If I try to redo all the authentication process with an already authorized account, from the same browser, even after logging out, the server response does not give me the refresh token, but only the access token. why? Did anyone have such a problem? Thanks

Gianluca Contaldi
  • 23
  • 7

1 Answers1

1

AFAIK, refresh tokens are only provided on the first authorization from the user. You should only obtain a refresh token if your access token have expired and you need new access tokens. As discussed in token expiration, you must write your code to anticipate the possibility that a granted token might no longer work. That's were you will need a refresh token.

See this SO post for additional insights.

Community
  • 1
  • 1
Teyam
  • 7,686
  • 3
  • 15
  • 22
  • 1
    I understand how the refresh token work and how to request a new token access before its expiration. I found the solution in the link to the post: add as parameter into the OAuth redirect 'prompt = consent' so that it always returns a refresh token! thanks – Gianluca Contaldi May 12 '17 at 13:48