Arkadiusz Putko

Reputation: 21

CORS when trying to retrieve refresh token from Google OAuth

Following https://developers.google.com/accounts/docs/OAuth2InstalledApp I am trying to get a user refresh token, but when sending a request like this:

    POST /o/oauth2/token HTTP/1.1
    Host: accounts.google.com
    Content-Type: application/x-www-form-urlencoded

    code=4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu&
    client_id=8819981768.apps.googleusercontent.com&
    client_secret={client_secret}&
    redirect_uri=https://oauth2-login-demo.appspot.com/code&
    grant_type=authorization_code

I am getting a CORS problem - "is not allowed by Access-Control-Allow-Origin".

Does anyone have this problem?

Upvotes: 1

Views: 517

Answers (1)

breno

Reputation: 3296

Please keep in mind that refresh tokens are not intended to be used in client-side code. In particular, you disclose your client secrets this way. Refresh tokens should only be used in server-side code, where you will not be bound by the origin controls enforced by browsers.

Upvotes: 1
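
The server-side exchange the answer describes, as an added example that is not part of the original answer: the browser passes the authorization code to your backend, which sends the POST from the question, keeps the refresh token, and returns only the remaining fields. The names `cfg`, `store`, `user_id` and `send` are assumptions for illustration, and the demo uses a constructed response instead of contacting Google.

```python
import io
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://accounts.google.com/o/oauth2/token"  # host and path from the question


def build_token_request(code, cfg):
    """Build the POST shown in the question, to be sent by the server."""
    body = urllib.parse.urlencode({
        "code": code,
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],  # read from server config, never shipped to the browser
        "redirect_uri": cfg["redirect_uri"],
        "grant_type": "authorization_code",
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def exchange_code(code, cfg, store, user_id, send=urllib.request.urlopen):
    """Exchange the code server-side; return only what the browser may see.

    cfg, store, user_id and send are hypothetical names for this example.
    """
    with send(build_token_request(code, cfg)) as resp:
        tokens = json.load(resp)
    refresh = tokens.pop("refresh_token", None)
    if refresh is not None:  # the response does not always include one
        store[user_id] = refresh  # stays on the server (use encrypted storage in practice)
    return tokens


if __name__ == "__main__":
    # Constructed config and response so the demo runs offline.
    cfg = {"client_id": "constructed-id.apps.googleusercontent.com",
           "client_secret": "constructed-secret",
           "redirect_uri": "https://example.invalid/code"}
    canned = (b'{"access_token": "constructed-access", "expires_in": 3600, '
              b'"token_type": "Bearer", "refresh_token": "constructed-refresh"}')
    store = {}
    visible = exchange_code("constructed-code", cfg, store, "user-1",
                            send=lambda req: io.BytesIO(canned))
    print("returned to browser:", visible)
    print("kept on server:", store)
```

Because the request originates from the server, no `Access-Control-Allow-Origin` check applies to it, and the client secret and refresh token never appear in page source or browser network traces.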
