How to get the refresh token with Google OAuth2 Javascript library?

Question

I'm using the Google OAuth2 Javascript library to request an access token from users. I want to store the token in a database on the server.

To be able to access that user's data after the token expiration, I also need to store the refresh token. I know how to do that when using a server-side Google OAuth2 library (specify access_type=offline), but I need to be able to do it with the client-side Javascript library and it doesn't work.

Answer 1

You do not want to store the refresh token in the client! That would be akin to storing his username and password.

The Javascript client does not support type=offline, since that would expose the refresh token.

Your choices are :-

1. Generate and store the refresh token on the server
2. Have your client simply keep requesting access tokens as it needs them. Set immediate=true so there is no visible interaction with the user