Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Google Refresh token rule is incorrect

See original GitHub issue

https://github.com/auth0/rules/blob/master/rules/google-refresh-token.md

is wrong. refresh_token is stored in the identities array. It can be retrieved like the access_token

Issue Analytics

State:
Created 7 years ago
Comments:8 (1 by maintainers)

Top GitHub Comments

3reactions

DzmitryUcommented, May 31, 2017

@mtt87 You where totally right. scope: offline_access and access_type: offline are different options. Finally I’ve just added to my request following line:

.parameters(["access_type" : "offline", "approval_prompt" : "force"]) // parameters to obtain google refresh token

It helped and now after log in user.identities contains google refresh token. Thanks a lot! You helped me to solve issue, I was working with for long time.

3reactions

mtt87commented, May 30, 2017

I think I’ve spotted the problem it’s not scope: offline_access but it’s an additional parameter access_type: offline

This is an example of what I’m doing, I hope it helps.

The user has to signup using your webapp and you are asking for offline access so make sure the user see the permission to allow offline access. This is an example config for lock that I use on my webapp

this.lock = new Auth0Lock('xxxxxx', 'xxx.eu.auth0.com', {
        initialScreen:'login',
        allowedConnections: ['google-oauth2'],
        allowSignUp: false,
        auth: {
          redirect: false,
          responseType: "token",
          approval_prompt: 'force',
          params: {
            'access_type': 'offline',
            'approval_prompt' : 'force'
          },
        },
        autoclose: true
      });

Right after the user signed up you are able from the server to make the request to retrieve the google refresh_token. As far as I understood, you can do this only the first time and then you won’t be able to retrieve the token anymore. What I do is make a POST /users to create the new user with { userId: xxx, userEmail: yyy }, then the server is making a request using management API to retrieve the user. See that there is no scope or stuff like that, it’s just a plain call.

app.post('/users', jwtCheck, (req, res) => {
  const { userId, userEmail } = req.body;
  auth0Management.users.get({
    id: userId,
  }).then((user) => {
    // retrieve Google refresh_token from Auth0 and save it for future use
    if (user.identities[0].refresh_token !== undefined) {
      const { refresh_token, access_token } = user.identities[0];
    // do something with your token

Top Results From Across the Web

Access Token and Refresh token giving invalid grant in ...

When the number of refresh tokens exceeds the limit, older tokens become invalid. If the application attempts to use an invalidated refresh ...

How to figure out why refresh token become invalid or ...

The problem I am facing is some refresh token will become invalid/expired after one day randomly. Error message is Error:"invalid_grant", ...

Solved: Error message while for invalid refersh token? - Apigee

The following FaultRule works -- and your AssignMessage is called as expected when an invalid refresh token comes in. If you can't get...

Common Errors - Ads API

Your Google project's publishing status is Testing so the refresh token expires every 7 days and receives an invalid_grant error. Go to the...

Google OAuth “invalid_grant” nightmare — and how to fix it

The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the ...