I'm using the google-api-java-client version 1.8-beta for oAuth2 authentication with Google accounts. Everything fine until I get the GoogleTokenResponse object, which has the access token but not refresh token. To build the request url I user the following method :
...
googleAuthenticationUrl = new GoogleAuthorizationCodeRequestUrl(CLIENT_ID, callBackUrl, scopes).build();
...
When getting the request token I exchange it with an access token in this line :
...
GoogleTokenResponse tokenResponse = new GoogleAuthorizationCodeTokenRequest(new NetHttpTransport(), new JacksonFactory(), CLIENT_ID, CLIENT_SECRET, request.getParameter(CODE_URL_PARAM), callBackUrl).execute();
...
The returned GoogleTokenResponse object does not contains the refresh token :
{"access_token":"ya29.AH..etc...9-Y","expires_in":3600,"token_type":"Bearer"}
Could you please shed my light on this issue ? Thank you very much for your help!
When building the request Url, you should set the Access Type :
requestUrl = new GoogleAuthorizationCodeRequestUrl(googleClientId, callBackUrl, scopes).setAccessType("offline").build();
As described in this page setting this parameter is recommended :
[...] We recommend that you explicitly set the access_type parameter to offline because we anticipate that when the online value is introduced, it will be as the default behavior. This could cause unexpected changes in your application since it would affect the way that your application is allowed to refresh access tokens. By explicitly setting the parameter value to offline, you can avoid any changes in your application's functionality. [...]
In addition to PapelPincel's answer, I had to also force the approval prompt using the .Net release 1.8.1.970 to get the refresh token. eg
var authReq = new GoogleAuthorizationCodeRequestUrl(new Uri(GoogleAuthConsts.AuthorizationUrl)) {
RedirectUri = Callback,
ClientId = ClientId,
AccessType = "offline",
Scope = string.Join(" ", new[] { Scopes... }),
ApprovalPrompt = "force"
};
For anyone getting here from a Google search, I was not using the pure server side flow, so was getting the authorization token via javascript as in this doc, @PapelPincel answer was a hint for me.
You should add data-accesstype="offline" to your button as in the following snippet:
Example:
<span
data-accesstype="offline"
class="g-signin"
data-callback="signinCallback"
data-clientid="CLIENT_ID"
data-redirecturi="postmessage"
data-cookiepolicy="single_host_origin"
data-requestvisibleactions="http://schemas.google.com/AddActivity"
data-scope="https://www.googleapis.com/auth/plus.login">
</span>
来源:https://stackoverflow.com/questions/10294124/getting-null-refresh-token