Menu
If I had saved refresh tokens for my users, I wouldn't be interested in trying to acquire a new one. I was caught totally off guard by Google only giving their tokens a single hour gestation. That means refresh tokens are all but required unless you want your users to have to re-log into the site or mobile application once an hour.
So now I have a bunch of users with no refresh tokens. Google isn't supplying me a new one with approval_prompt=force or prompt=none, and access_type=offline.
I need to force Google to send a refresh token despite the fact that one or more were sent previously. How does a person revoke refresh tokens without having a token to begin with?
I'd rather not have to ask each user to revoke it manually. This should be done pragmatically - especially in light of mobile development.
I'd like to focus on a javascript solution if one is available.
I saw a previous posting with the same question, but it is in a completely different context and never received an answer in relation to Google OAuth2.0:
how to refresh or revoke OAuth2.0 access/refresh_token, when no refresh token available?
273
asked Oct 15 '25 14:10
They say
https://developers.google.com/accounts/docs/OAuth2WebServer#refresh
that a fresh token can be revoked by sending a request containing either a refresh token (which you don't have) but also an access token.
The token can be an access token or a refresh token. If the token is an access token and it has a corresponding refresh token, the refersh token will also be revoked.
114
Instead of passing approval_prompt=force, instead you need to pass prompt=consent and it will make the user consent to Offline Access again - which in turn will generate you a new refresh token.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
