I am trying to fetch a user's profile using the Google OAuth2 API. After user authentication, on the consent page, I am always asked for "Have Offline Access".
The URL in the browser looks like this:
https://accounts.google.com/o/oauth2/auth?scope=email&response_type=code&redirect_uri=https://localhost/google_oauth2_login&state=YbzrDo&client_id=asdfasdf-60qhnqf6asdfasdfasdfcopo3plhoj.apps.googleusercontent.com&hl=en-US&from_login=1&as=604c0f3asdfasdf
As visible in the URL above, I have passed the scope parameter as 'email'.
The Google Auth API page says:
"This scope requests that your app be given access to:
- the user's Google account email address. You access the email address by calling people.get, which returns the emails array (or by calling people.getOpenIdConnect, which returns the email property in OIDC-compliant format).
- the name of the Google Apps domain, if any, that the user belongs to. The domain name is returned as the domain property from people.get (or hd property from getOpenIdConnect).
This email scope is equivalent to and replaces the https://www.googleapis.com/auth/userinfo.email scope."
Why am I asked for Offline Access every time?
offline_access - OPTIONAL. This scope value requests that an OAuth 2.0 Refresh Token be issued that can be used to obtain an Access Token that grants access to the End-User's userinfo_endpoint even when the End-User is not present (not logged in).
It depends slightly on the flows used. The authorization code flow requires your back-end to post the received code to Azure AD, so you'd need access. In the case of an API that doesn't call other APIs with Azure AD tokens, it is possible for it to not contact Azure AD at all.
After a user grants offline access to the requested scopes, you can continue to use the API client to access Google APIs on the user's behalf when the user is offline. The client object will refresh the access token as needed.
offline_access is a scope required to receive a refresh token, and the authentication request with this scope must be sent to the https://login.microsoftonline.com/your_tenant.onmicrosoft.com/oauth2/v2.0/token endpoint URL.
I had the same problem, and after googling for a long while, I found this link:
"This app would like to: Have offline access" when access_type=online
It suggests removing 'localhost' in the redirect_uri, and it works for me.
Because you are redirecting back to http(s)://localhost:/. This makes sense because any app that requests redirection to localhost is obviously running locally.
Redirect it to a public web address and it will not bother you.
If you are using the Node.js module 'everyauth', you can override Google's default value with:
.authQueryParam({ access_type:'online', approval_prompt:'auto' })
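A small check for the request parameters the answers above point to (an absent or offline access_type, an offline_access scope, a localhost redirect_uri), as an added example that is not from the original posts. The function name auditAuthUrl, the finding labels, the placeholder client_id and the host app.example.com are assumptions made for illustration.

```javascript
// Added example: audit an OAuth2 authorization URL for the conditions
// discussed in this thread. Finding labels are hypothetical names.
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1']);

function auditAuthUrl(authUrl) {
  const q = new URL(authUrl).searchParams;
  const findings = [];

  // Scopes are space-delimited; offline_access asks for a refresh token.
  const scopes = (q.get('scope') || '').split(/\s+/).filter(Boolean);
  if (scopes.includes('offline_access')) findings.push('scope-offline_access');

  // access_type: flag when it is absent or explicitly 'offline'.
  const accessType = q.get('access_type');
  if (accessType === null) findings.push('access_type-missing');
  else if (accessType === 'offline') findings.push('access_type-offline');

  // redirect_uri: flag a loopback host, as in the question's URL.
  const redirect = q.get('redirect_uri');
  if (redirect === null) {
    findings.push('redirect_uri-missing');
  } else {
    let host = null;
    try { host = new URL(redirect).hostname; } catch { /* not a URL */ }
    if (host === null) findings.push('redirect_uri-invalid');
    else if (LOCAL_HOSTS.has(host)) findings.push('redirect_uri-localhost');
  }
  return { scopes, accessType, findings };
}

// Constructed sample inputs (client_id is a placeholder, not a real value).
const BASE = 'https://accounts.google.com/o/oauth2/auth';
const asInQuestion = BASE + '?scope=email&response_type=code' +
  '&redirect_uri=https://localhost/google_oauth2_login' +
  '&state=YbzrDo&client_id=CLIENT_ID_PLACEHOLDER';
const adjusted = BASE + '?scope=email&response_type=code' +
  '&access_type=online&approval_prompt=auto' +
  '&redirect_uri=' + encodeURIComponent('https://app.example.com/google_oauth2_login') +
  '&state=YbzrDo&client_id=CLIENT_ID_PLACEHOLDER';

console.log(auditAuthUrl(asInQuestion).findings);
console.log(auditAuthUrl(adjusted).findings);
```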