3

In my Google OAuth request using .Net HttpPost refresh_token value is missing.

Reference: https://developers.google.com/identity/protocols/oauth2/web-server#exchange-authorization-code enter image description here

My input HTTP post request -

...google oauth post request details..url - (https://accounts.google.com/o/oauth2/token)...
and the postData - (client_id=<client_id>&client_secret=<client_secret_key>&grant_type=authorization_code&redirect_uri=<redirect_url>&code=<authorization_code>&access_type=offline&prompt=consent&approval_prompt=force)

Note: I have a valid response with access_token. However, refresh_token object value with empty record.

Please help.

I already reviewed these links - Not receiving Google OAuth refresh token

Dhana
  • 1,618
  • 4
  • 23
  • 39

1 Answers1

2

The call to exchange the authorization code for an access token and refresh token looks as follows.

HTTP POST https://accounts.google.com/o/oauth2/token
code=4/X9lG6uWd8-MMJPElWggHZRzyFKtp.QubAT_P-GEwePvB8fYmgkJzntDnaiAI&client_id={ClientId}&client_secret={ClientSecret}&redirect_uri={redirectURI}&grant_type=authorization_code

You dont use access_type , approval_prompt, prompt as part of the exchange for the authorization code those are included in the HTTP GET request that shows the consent screen.

Here you can add access_type, if you have created web credentials client on google developer console.

HTTP GET https://accounts.google.com/o/oauth2/auth?client_id={clientid}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code&access_type=offline

If your interested in seeing how the calls are built up this might help. Understanding Google OAuth 2.0 with curl

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
  • Below response objects only created for request - refresh_token object itself missing! ({ "access_token": {values}, "expires_in": 3599, "scope": {url}, "token_type": "Bearer", "id_token": "values" }) Does id_token is the refresh_token? – Dhana Oct 28 '21 at 15:54
  • 2
    id token is open id connect and not oauth2 – Linda Lawton - DaImTo Oct 28 '21 at 16:40
  • Looks like an issue only with my account used to authorize OAuth. Note my account is used for the Google Play console and API access only to Google Play Android Developer API. Am I missing any permission? – Dhana Oct 29 '21 at 02:33
  • Your client id and client secrete were created here right https://console.cloud.google.com/apis/dashboard which type of client did you create? – Linda Lawton - DaImTo Oct 29 '21 at 07:51
  • Yes. OAuth 2.0 and enabled only with Google Play Android Developer API Service. – Dhana Oct 29 '21 at 15:43
  • I still need help. refresh_token missing for only with my account :( – Dhana Oct 31 '21 at 01:29
  • Have you tried removing consent and then authorizing it again [apps with consent](https://support.google.com/accounts/answer/3466521?hl=en) – Linda Lawton - DaImTo Nov 15 '21 at 17:33