Hello, I was following this guide for setting up Google Login with Auth0-Chrome library. I can already get the access_token, refresh_token, and id_token from Auth0 and I was able to get the Google access_token from the user profile using the Auth0 Management API. My issue is that the refresh_token is missing from the returned IDP google identity. I need this because the Google access_token is only valid for 1 hour and I want to refresh the token if it’s already expired. I’m already passing access_type: offline parameter in the options:
For additional context, I’'m calling the authenticate function above in a background script so i can then pass the id_token to the backend and authenticate my app via session cookie.
What could be the issue here? On a related note, I am aware that auth0-chrome is already deprecated. What’s the suggested alternative for chrome extensions?
It looks like a user got a chrome extension to work using the auth0-spa-js library, which now supports refresh token rotation. I noticed that you already found this thread, but am going to post it here for future users:
for additional info, it seems that i was wrong in my assumption that google issues a refresh token every time i call the authorize endpoint. it only does when you first authorize with google (when you first got into the consent screen) or when you pass approval_prompt: 'force' parameter. it’s up to you how you want to store this refresh token but we prefer to use it on the auth0 side using a rule.