How to get offline token and refresh token and auto-refresh access to Google API

java google-app-engine oauth-2.0 google-api
21,408

Solution 1

One thing you should be careful about: a refresh token is returned (in addition to the access token) only when the user gives consent explicitly for the requested scopes. Basically, when the approval page is shown. All subsequent flows will only return an access token.

Now, in order to test your application and make sure you receive the refresh token the first time around, you could use the approval_prompt=force parameter (builder.setApprovalPrompt("force")) to make sure the approval page is shown in the flow and you obtain explicit consent from the user. After you sort out any issues and make sure the refresh tokens are stored properly, you can remove that flag (the default is auto)

More information is also available in the offline access section in the developer guide.

Solution 2

To get the refresh token you have to set both accessType = "offline" and approvalPrompt = "force".

GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
            HTTP_TRANSPORT,
            JSON_FACTORY,
            CLIENT_ID,
            CLIENT_SECRET,  
            SCOPE)
.setAccessType("offline")
.setApprovalPrompt("force")
.build();
Share:
21,408
Andrew Mackenzie
Author by

Andrew Mackenzie

Currently: VP Engineering at 3scale.net Associate Professor at Universitat Pompeu Fabra in Barcelona. President of Autelic Association. Previously: Principle Software Engineer at Tuenti. CTO at BCNTouch. Extensive experience at HP in Engineering and RD management. See http://www.linked.com/in/andrewdmackenzie

Updated on March 04, 2020

Comments

  • Andrew Mackenzie
    Andrew Mackenzie over 4 years

    I'm developing an app that accesses Google APIs (starting with Calendar API) using OAuth2 and the google client libraries for that (is on Appengine and GWT BTW).

    I have implemented my OAuth2Call back servlet, extending the Google AbstractAppEngineAuthorizationCodeCallbackServlet.

    I have it working, I get access and can look at calendars etc, but have two problems:

    1) I do not get a refresh token, despite explicitly requesting offline access:

    public static GoogleAuthorizationCodeFlow newFlow( String scope ) throws IOException {
    GoogleAuthorizationCodeFlow.Builder builder = new GoogleAuthorizationCodeFlow.Builder(
            HTTP_TRANSPORT, 
            JSON_FACTORY,
            getClientSecrets(), 
            Collections.singleton( scope ) );

    builder.setCredentialStore( new AppEngineCredentialStore() ).setAccessType("offline");

    return builder.build();
}

    2) I cannot see how to set the automatic refresh functionality. These pages describe the methods:

    But I can't see where to add the refresh listener. There is no such method in the GoogleAuthorizationCodeFlow.Builder class, unlike the Credential.Builder class

    EDIT After debugging the code more, when the credential comes back (in the onSuccess() method) it seems to have a RefreshListener set already.....so maybe that's their by default, and my only problem is I'm not getting a refresh_token, despite asking for it.

    Maybe need to review settings in the Google API Console also?

  • Andrew Mackenzie
    Andrew Mackenzie over 11 years
    Thanks for the comment, I'll check along these lines. At the moment, I do an explicit revoke of the token, and then request it again and I always go through the explicit accept screen for the user - but still don't get a refresh_token.
  • Andrew Mackenzie
    Andrew Mackenzie over 11 years
    vlatko, I was doing everything you said except the prompt force, and that seems to have fixed it! So, your answer was much appreciated! Is this a bug, or just a glaring omission from the (too extensive...) documentation?
  • Andrew Mackenzie
    Andrew Mackenzie over 11 years
    Thanks Sunny. But the problem was that on the first authorization I was getting the AccessToken, but NOT the RefreshToken, despite asking for it by setting the AccessType to "offline". If you use the Google classes (once you have a RefreshToken) they they will store it and use it to automatically get a new AccessToken when it expires, all transparently to you.
  • theblackips
    theblackips over 10 years
    Ok, thank you for this! The .setApprovalPrompt(..) must be a relatively new requirement. I had my code working about a month or two ago without this option and it was giving me refresh tokens. All of a sudden it had stopped working and I was left to wonder why.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to avoid 'Failed to retrieve access token: { "error" : "invalid_grant" }' in offline GAE cron tasks?
This app isn't verified This app hasn't been verified by Google yet. Only proceed if you know and trust the developer
Authentication on google api (calendar) with flutter
google calendar api server application
Unable to refresh OAuth2 token in PHP, invalid grant
POSTMAN, OAuth2 and Google Directory API
Including JAR files in Eclipse (App Engine) project
HttpURLConnection App Engine Java Example for POST Request does not work
Spring: Injecting different properties file according to profile
NoSuchFieldError: INCLUDE_ALL