Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to get refresh token while using Google API JS Client

I have been trying to implement an app that would need user to grant access to Google Analytics. I have been following this tutorial:

https://developers.google.com/analytics/solutions/articles/hello-analytics-api

And at some other places there is code for AngularJs which uses the same functionL

https://gist.github.com/jakemmarsh/5809963

My problem is, that the auth works pretty well, but it does not return a refresh_token. It never returns a refresh_token. I have tried all the possible available on the web. 1. The first time, 2. Using prompt=force etc etc.. But nothing seems to return the refresh_token. I guess that part is skipped by the client or something.

I need to know how can I get the refresh_token when the user grants access for the first time so that I can save it.

like image 948
Sambhav Sharma Avatar asked Jun 27 '14 14:06

Sambhav Sharma


People also ask

How do I refresh token API?

To use the refresh token, make a POST request to the service's token endpoint with grant_type=refresh_token , and include the refresh token as well as the client credentials if required.

How do you get the refresh token in client credentials flow?

To get a new token simply initiate another Client Credentials Grant flow to the /oauth/token endpoint. There is no user interaction involved, so your application can do this at any time.

How do I get refresh token for Google API postman?

Now go to Variables tab in this collection and paste your client Id and secret. Also enter appropriate scope. In Authorization tab of collection, just hit "Get New Access Token". That will open up a web browser window asking for your authentication.


2 Answers

It does not return a refresh token as designed. The tutorial and the code you mentioned are using Google APIs Client Library for JavaScript. This library uses the OAuth 2.0 client-side flow for making requests that require authorization.

As The OAuth 2.0 Authorization Framework says:

The implicit grant type is used to obtain access tokens (it does not support the issuance of refresh tokens) and is optimized for public clients known to operate a particular redirection URI. These clients are typically implemented in a browser using a scripting language such as JavaScript.

In fact, The authorization code flow is the only one which issue refresh token, and Google supports this flow in these Scenarios: Web server applications, Installed applications, and Applications on limited-input devices, but not Client-side (JavaScript) applications or Service accounts. Get more details from here.

So you'll not get refresh token in this way.

like image 64
Owen Cao Avatar answered Oct 12 '22 23:10

Owen Cao


Not sure if this is the right way, but I'm able to get a refresh token using the following code:

window.gapi.client.init({
  apiKey: this.GOOGLE.API_KEY,
  clientId: this.GOOGLE.CLIENT_ID,
  discoveryDocs: DISCOVERY_DOCS,
  scope: SCOPES
}).then(()=>{
  const authInstance = window.gapi.auth2.getAuthInstance();
  authInstance.grantOfflineAccess()
   .then((res) => {
      console.log(res);
      this.data.refreshToken = res.code;
   });
});
like image 39
hugo der hungrige Avatar answered Oct 13 '22 00:10

hugo der hungrige