0

I am using the C# Google OAuth library.

I am not sure if this behaviour is expected, but a refresh token is not being set in the TokenResponse file if GoogleAuthorizationCodeFlow is called for an app that has already been authorized.

I am using the Search Console API - so want to use a different TokenResponse file for each site for which I want to get data from, but on setting up the 2nd, 3rd, 4th etc sites (I am using site id as the user id in AppFlowMetadata GetUserId) the TokenFile is created without a refresh token.

Nick Swan
  • 822
  • 2
  • 13
  • 22

1 Answers1

2

That's expected behavior, ee the "access_type" documentation at https://developers.google.com/identity/protocols/OAuth2WebServer#creatingclient:

Set the value to offline if your application needs to refresh access tokens when the user is not present at the browser. This is the method of refreshing access tokens described later in this document. This value instructs the Google authorization server to return a refresh token and an access token the first time that your application exchanges an authorization code for tokens.

See also: Not receiving Google OAuth refresh token

Hans Z.
  • 50,496
  • 12
  • 102
  • 115
  • The access_type is set to offline by default with the c# OAuth library, and this is proven by a refresh token being provided when first authorizing an app. The issue is a refresh token is not provided the second time an app goes through the authorization. – Nick Swan May 31 '18 at 19:39
  • the clue is in "first time": only the first time a refresh token is issued; if you want one after that you'll have to revoke the access rights of your app or pass "prompt=consent" in the authorization request (according to the article linked to) – Hans Z. May 31 '18 at 20:08