izdi

Reputation: 565

google oauth2 id_token vs refresh_token

I'm trying to use Google OAuth2 to get a user's contact info. I'm not struggling with getting access; I'm wondering why, for some reason, I've stopped getting a refresh_token and instead get an id_token (a long JWT string). I use Python urllib to retrieve access information for users. My code is:

import json
import urllib
import urllib2  # Python 2, as in the original

# This is the token endpoint, not an OAuth scope; renamed from `scope`
token_url = 'https://accounts.google.com/o/oauth2/token'
params = urllib.urlencode({
    'code': request.GET['code'],
    'redirect_uri': settings.SOCIAL_AUTH_GOOGLE_REDIRECT_URI,
    'client_id': settings.SOCIAL_AUTH_GOOGLE_OAUTH2_KEY,
    'client_secret': settings.SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET,
    'grant_type': 'authorization_code',
})
# POST the form body to the token endpoint; the response is JSON
token_response = json.load(urllib2.urlopen(token_url, params))

Response:

{u'access_token': u'hash',
 u'token_type': u'Bearer', 
 u'expires_in': 3600,
 u'id_token': u'really long hash'}

I use the contacts scope https://www.google.com/m8/feeds/contacts/default/full?alt=json. When I try to add access_type: offline to params, I get the error below:

Failed to retrive access_token. Status: 400
Message: {
  "error" : "invalid_request",
  "error_description" : "Parameter not allowed for this message type: access_type"
}

So after that I am wondering:

  1. Can I use the id_token to refresh my access_token?
  2. If the first is true: how?
  3. Are there any differences between the types of users being authenticated? I noticed that sometimes you get a refresh_token, but I need to get it permanently; the next time I run the OAuth2 flow I get an id_token.

Upvotes: 3

Views: 2128

Answers (2)

Jason Ross

Reputation: 87

I'm sure I'm far too late to help here, but I ran into the same issue, so hopefully this will help others.

Google ONLY provides the refresh_token on the first authorization. If the account has already allowed access, the refresh_token will not be provided again. Try revoking access to the app from your google account, then re-authorizing. You will then receive the refresh_token.

Upvotes: 3

goodhyun

Reputation: 5002

If you need a refresh token, you'd better add access_type=offline and approval_prompt=force to https://accounts.google.com/o/oauth2/auth?

// CLIENT_ID, REDIRECT_URL and SCOPES come from your app configuration
var url = 'https://accounts.google.com/o/oauth2/auth?' +
          'client_id=' + encodeURIComponent(CLIENT_ID) + '&' +
          'response_type=code&access_type=offline&approval_prompt=force&' +
          'redirect_uri=' + encodeURIComponent(REDIRECT_URL) +
          '&scope=' + encodeURIComponent(SCOPES);  // space-separated scopes must be URL-encoded

Then the returned code will always give you a refresh code in the next handshake with https://www.googleapis.com/oauth2/v4/token

Upvotes: 0
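Pulling the question and both answers together, here is the whole flow in Python 3 as an added example (not code from the question or from either answer): the authorization URL with access_type=offline and prompt=consent (the current spelling of approval_prompt=force), the token-exchange body with only the parameters the token endpoint accepts, the later refresh request that uses the refresh_token, and an unverified decode of the id_token payload to show that it is an identity assertion, not something you can refresh with. The client id, redirect URI and state are hypothetical, the id_token and token response are constructed to mirror the shape shown in the question, and the endpoints are the ones named on this page.

```python
import base64
import json
from urllib.parse import urlencode, parse_qs, urlparse

# Endpoints as named in goodhyun's answer above.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"
TOKEN_ENDPOINT = "https://www.googleapis.com/oauth2/v4/token"


def build_authorization_url(client_id, redirect_uri, scopes, state):
    """Step 1: the browser redirect. access_type=offline and prompt=consent belong
    here, on the authorization request. prompt=consent is the current spelling of
    approval_prompt=force: it re-shows the consent screen, so Google re-issues the
    refresh_token instead of returning it only on the first grant."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),
        "access_type": "offline",
        "prompt": "consent",
        "state": state,  # opaque per-session value, checked on the callback (CSRF binding)
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


def token_exchange_body(code, client_id, client_secret, redirect_uri):
    """Step 2: form body POSTed to TOKEN_ENDPOINT. Only these keys belong here;
    adding access_type to this request is what produces
    'Parameter not allowed for this message type: access_type'."""
    return urlencode({
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
    })


def refresh_body(refresh_token, client_id, client_secret):
    """Step 3 (later): mint a new access_token from the stored refresh_token.
    The id_token plays no part here; only the refresh_token can be used."""
    return urlencode({
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "refresh_token",
    })


def jwt_claims_unverified(token):
    """Decode the payload segment of a JWT for inspection. This does NOT verify
    the signature; never trust these claims for authentication without verifying
    the token against Google's published keys (or using a library that does)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def classify_token_response(resp):
    """Sort a token-endpoint JSON response into what each field is good for.
    Returns (access_token, refresh_token or None, id_token claims or None)."""
    access = resp["access_token"]
    refresh = resp.get("refresh_token")  # absent on a repeat grant without prompt=consent
    claims = jwt_claims_unverified(resp["id_token"]) if "id_token" in resp else None
    return access, refresh, claims


def query_of(url_or_body):
    """Flatten a URL's query string, or a bare form body, into a dict."""
    text = urlparse(url_or_body).query if "?" in url_or_body else url_or_body
    return {k: v[0] for k, v in parse_qs(text).items()}


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample: a fake id_token with the claim layout Google uses and a
# dummy signature segment, so the example runs offline. Not a real token.
FAKE_ID_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT", "kid": "example"}),
    _b64url({"iss": "accounts.google.com", "sub": "1234567890",
             "aud": "client-id.apps.googleusercontent.com", "exp": 1700000000}),
    "c2lnbmF0dXJl",  # base64url("signature"); not a real RS256 signature
])

# Constructed sample mirroring the response shape in the question: no refresh_token.
SAMPLE_RESPONSE = {
    "access_token": "ya29.example",
    "token_type": "Bearer",
    "expires_in": 3600,
    "id_token": FAKE_ID_TOKEN,
}


if __name__ == "__main__":
    url = build_authorization_url("client-id.apps.googleusercontent.com",
                                  "https://app.example/callback",
                                  ["https://www.google.com/m8/feeds"], "random-state")
    print(url)
    access, refresh, claims = classify_token_response(SAMPLE_RESPONSE)
    print("refresh_token present:", refresh is not None)
    print("id_token subject:", claims["sub"])
```

Treat the refresh_token as a long-lived credential: store it server-side, encrypted at rest, and never hand it to the browser. The id_token is for identifying the user to your own backend; verify its signature, issuer, audience and expiry before acting on it.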
