Tomer Weller

Reputation: 2812

Google OAuth2: re-acquiring a refresh_token for an authorized user on a web server application

I'm using oauth2 on a web server and the flow works flawlessly (https://developers.google.com/accounts/docs/OAuth2WebServer).

However, I have some situations in which I need to re-acquire a refresh_token (let's say for example that the refresh_token has been "lost").

In this case, when I go through stages 1 & 2 again I only get an access_token and not a refresh_token. If the user revokes permission through his Google account console and goes through stages 1 & 2 again, I will get a new refresh_token.

Is this known OAuth2 behavior? Is there a way to force a new refresh_token or to get the same one again?

Upvotes: 3

Views: 3124

Answers (2)

Tomer Weller

Reputation: 2812

From https://developers.google.com/accounts/docs/OAuth2WebServer:

Important: When your application receives a refresh token, it is important to store that refresh token for future use. If your application loses the refresh token, it will have to re-prompt the user for consent before obtaining another refresh token. If you need to re-prompt the user for consent, include the approval_prompt parameter in the authorization code request, and set the value to force.

Upvotes: 8
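
An added example, not part of the answer above and not Google's own code: it builds the authorization request with `approval_prompt=force` only when no refresh token is on file, and keeps the stored refresh token when a token response omits one. The function names, client values and scope are placeholders; `access_type=offline` and `state` are standard parameters of this flow that the quoted passage does not mention.

```python
import secrets
from urllib.parse import urlencode

# Google's OAuth 2.0 authorization endpoint for the web server flow.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"


def build_auth_url(client_id, redirect_uri, scope, force_consent=False):
    """Return (url, state). force_consent adds approval_prompt=force."""
    state = secrets.token_urlsafe(16)  # anti-CSRF value, compare on callback
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "access_type": "offline",  # assumption: offline access is wanted
        "state": state,
    }
    if force_consent:
        params["approval_prompt"] = "force"  # re-prompt, as the docs describe
    return AUTH_ENDPOINT + "?" + urlencode(params), state


def merge_token_response(stored, response):
    """Update stored credentials from a token response.

    Returns (updated, needs_consent). An already-authorized user gets only an
    access_token back, so the stored refresh_token is kept. If neither side
    has one, the caller must send the user through
    build_auth_url(..., force_consent=True).
    """
    updated = dict(stored)
    updated["access_token"] = response["access_token"]
    if "refresh_token" in response:
        updated["refresh_token"] = response["refresh_token"]
    needs_consent = not updated.get("refresh_token")
    return updated, needs_consent


if __name__ == "__main__":
    # Constructed token response for a user who had already granted access
    # and whose refresh token was lost on the server side.
    resp = {"access_token": "constructed-access-token", "expires_in": 3600}
    creds, needs_consent = merge_token_response({}, resp)
    if needs_consent:
        url, _state = build_auth_url("CLIENT_ID", "https://app.example/cb",
                                     "openid email", force_consent=True)
        print(url)
```

Forcing the prompt only when the stored refresh token is missing avoids showing the consent screen to every returning user.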

Adeem

Reputation: 1346

Better answer is here. You have to add the parameter approval_prompt=force in your POST request for the token.

Upvotes: 0
