I am using auth0.js v9 in my client to authenticate my users by social login. In the server I am using the https://squid.auth0.com/api/v2/users/${userId} endpoint. Following the documentation https://auth0.com/docs/tokens/idp I should be able to get a IdP google refresh token if the user accept the scope ‘offline_acccess’. Still, I can’t get the refresh token from my users.
Here is my client code:
var webAuth = new auth0.WebAuth({
clientID: global.WEB_APP.config.AUTH0.CLIENT_ID,
domain: global.WEB_APP.config.AUTH0.DOMAIN,
responseType: ‘token id_token’,
audience: ‘https://’ + global.WEB_APP.config.AUTH0.DOMAIN + ‘/userinfo’,
redirectUri: window.location.href,
scope: ‘openid profile offline_access’
});
webAuth.authorize({
connection: 'google-oauth2',
connection_scope: connection === 'https://www.googleapis.com/auth/youtube.readonly,https://www.googleapis.com/auth/yt-analytics.readonly'
})
And my user when try to login has to accept the offline_access permission.
In my backend code:
const url = `https://squid.auth0.com/api/v2/users/${userId}`
return got(url, {
headers: {
authorization: 'MY_AUTH0_TOKEN'
},
json: true
})
.then(({ body }) => {
return body.identities[0]
})