Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

oauth2Client.getToken missing refresh_token

Tags:

javascript

node.js

oauth-2.0

google-api-nodejs-client

I have a small express server that has two routes. Then it writes the json tokens to a file (I know very insecure). For some reason there's no refresh_token. In the docs theres a comment that offline for access_type gets refresh_token, which is set and it's still not working

access_type: 'offline', // 'online' (default) or 'offline' (gets refresh_token)

Here's the express server, sorry if the promises throw anyone off.

var Promise = require("bluebird")
var express = require('express')
var app = express()

var google = require('googleapis')
var OAuth2 = google.auth.OAuth2
var clientSecrets = require("./client_secrets.json")
var oauth2Client = new OAuth2(clientSecrets.web.client_id, clientSecrets.web.client_secret, clientSecrets.web.redirect_uris[0]);
oauth2Client.getToken = Promise.promisify(oauth2Client.getToken)

var fs = Promise.promisifyAll(require("fs"))

app.get('/google', function (req, res) {
  var url = oauth2Client.generateAuthUrl({
    access_type: 'offline',
    scope: "https://www.googleapis.com/auth/drive"
  })
  return res.redirect(url)
})

app.get('/oauth2callback', function (req, res) {
  return oauth2Client.getToken(req.query.code).then(function(tokens){
    fs.writeFileAsync("./tokens.json", JSON.stringify(tokens), "utf8");
    return res.json(tokens)
  }).catch(function(err){
    return res.redirect("/google")
  })
})

var server = app.listen(3000, function () {})
like image 903
ThomasReggi Avatar asked Feb 17 '15 15:02

ThomasReggi

2 Answers

The refresh_token is only sent when the user initially authorizes your app with their account. So it the getToken function only returns it the first time (because you should store it). Added approval_prompt: "force" to the generateAuthUrl options, and I can get it every time.

like image 66
ThomasReggi Avatar answered Oct 23 '22 12:10

ThomasReggi

To be more precise, you only get a refresh_token back when the user saw the consent screen, AKA the list of scopes and the "Accept" button. Users will see this screen the first time they are asked to grant access, but upon subsequent trips through the OAuth flow that screen is skipped (assuming they haven't revoked access). However, you can force the user to see the consent screen again by passing &prompt=consent in the authorization URL:

var url = oauth2Client.generateAuthUrl({
  access_type: 'offline',
  scope: scopes,
  prompt: 'consent'
});
like image 2
Sudhanshu Sharma Avatar answered Oct 23 '22 14:10

Sudhanshu Sharma
Sign in to Comment

Related questions

How to limit the concurrency of flatMap?
npm install express give me checksum error
Link to specific tab Bootstrap
Avoid formatDate error in Google Apps Script
d3 How to trigger event on the object behind text
What is the difference between buffered and unbuffered code?
Target multiple selectors in JS only
AngularJS route parameters with any characters
Preserve appearance of dragged A element when using html5 draggable attribute
calculating intersection point of quadratic bezier curve
Inject modules conditionally in AngularJS app
Clickable div that redirect me to another HTML page
TypeError: Cannot read property 'concat' of undefined
how to detect user's language while he/she is typing
Overlay Line on chart.js Graph
Why was the global 'angular' variable removed from angularjs.TypeScript.DefinitelyTyped?
What's the difference between $document and $window.document in Angular?
Running leaflet on nodejs server side
jQuery image preview exif rotation issue
What version of JavaScript does ASP Classic use?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!