google oauth2: re-acquiring a refresh_token for an authorized user on a web server application

Question

I'm using oauth2 on a web server and the flow works flawlessly (https://developers.google.com/accounts/docs/OAuth2WebServer).

However, I have some situations in which I need to re-acquire a refresh_token (let's say for example that the refresh_token has been "lost").

In this case when I go through stages 1&2 again I only get an access_token and not a refresh_token. If the user revokes permission through his google account console and goes through stages 1&2 again I will get a new refresh_token.

Is this known oauth2 behavior? is there a way to force a new refresh_token or getting the same one again?

Answer 1

From https://developers.google.com/accounts/docs/OAuth2WebServer:

Important: When your application receives a refresh token, it is important to store that refresh token for future use. If your application loses the refresh token, it will have to re-prompt the user for consent before obtaining another refresh token. If you need to re-prompt the user for consent, include the approval_prompt parameter in the authorization code request, and set the value to force.