Google refresh token missed when authenticating again

Question

At first I could get refresh token on Google authentication but couldn't get it when authenticating again. When I do again, confirmation of Google calendar screen is skipped also. following this picture.

enter image description here

At first I could get like this.

{"provider":"google_oauth2","uid":"XXXXXXXXXXXXXXX","name":"XXXXXXXXX","email":"XXXXXXXXXXXX","image":{"url":"/uploads/user/image/2/photo.jpg"},"access_token":"XXXXXXXXX","refresh_token": "XXXXXXXXXXXXXXXXXXX" ,"oauth_expires_at":"2018-10-03T08:20:22.000Z","id":2,"created_at":"2018-10-01T11:38:25.422Z","updated_at":"2018-10-03T07:20:23.829Z"}

But again, refresh_token is null.

{"provider":"google_oauth2","uid":"XXXXXXXXXXXXXXX","name":"XXXXXXXXX","email":"XXXXXXXXXXXX","image":{"url":"/uploads/user/image/2/photo.jpg"},"access_token":"XXXXXXXXX","refresh_token":null,"oauth_expires_at":"2018-10-03T08:20:22.000Z","id":2,"created_at":"2018-10-01T11:38:25.422Z","updated_at":"2018-10-03T07:20:23.829Z"} ````

user.rb

  def self.from_omniauth(auth)
where(provider: auth.provider, uid: auth.uid).first_or_initialize.tap do |user|
  user.provider = auth.provider
  user.uid = auth.uid
  user.name = auth.info.name
  user.email = auth.info.email
  user.remote_image_url = auth.info.image
  user.access_token = auth.credentials.token
  user.refresh_token = auth.credentials.refresh_token
  user.oauth_expires_at = Time.at(auth.credentials.expires_at)
  return user
end

end

omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2,
  Rails.application.credentials.google[:google_client_id],
  Rails.application.credentials.google[:google_client_secret],
  {
    :provider_ignores_state => true,
    image_size: 150,
    scope: %w(https://www.googleapis.com/auth/userinfo.email     https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/calendar).join(' '),
    prompt: 'consent',
    access_type: 'offline'
  }
end

Maybe you have this kind of problem? To many refresh tokens. When a user authenticate your application you get a refresh token associated with your project and said user. If the user authenticates your application again you get another refresh token both will work. You can keep doing this until you reach the magic number of 25 at which time the first refresh token will automatically expire. — Nezir, Oct 03 '18 at 08:02
If you sure you dont have that kind of problem then please check this solution and comments: https://stackoverflow.com/questions/10827920/not-receiving-google-oauth-refresh-token — Nezir, Oct 03 '18 at 08:03

score 1 · Answer 1 · answered Oct 03 '18 at 09:41

Google does not always return a refresh token with a web credentials. Google assumes that when you requested access of the user the first time that you saved the refresh token and will be using that in all future requests.

If you want to get a refresh token back you should go to the users google permissions remove the application and then request again.

Note: re-consent may also work i cant remember you might want to try that. Note this is going to require that the user consent to your application having access again.

Google refresh token missed when authenticating again

1 Answers1