I was able to connect to google and in my full profile i was able to get my refresh token (in my identites). However, now, over the past week, something changed and i am not able to get the refresh token from the full profile. I did not change any code.
Hello!
If your Google refresh token has suddenly disappeared from your full profile without code changes, the most common reasons are that refresh tokens are typically issued only once per user per client (so subsequent logins won’t return a new one if you already have one), or the existing token has been revoked or expired. Check if access_type=offline is in your authorization request, and for testing, revoke your app’s access in your Google settings, then re-authenticate using both access_type=offline and prompt=consent to force a new token. Also, verify your Google Cloud project’s OAuth consent screen status, as “Testing” status limits token validity to 7 days.
Yep, we have troubleshot it the way you mentioned. The access_type is offline. Revoking apps access and re-authenticating using both access_type=offline and prompt=consent gives me a new access and refresh token from the auth0 user profile identity. However, after 24 hours, the user profile identity doesn’t have the refresh token anymore. In the past 6 months, it wasn’t a problem. Auth0 always had the user profile googles refresh token in the identity. Since the big outage last week, it has been acting up. The problem is auth0 seems to be clearing refresh tokens from there db after 24 hrs? Do I need to start storing these tokens on my end?
Hi @team9,
Welcome to the Auth0 Community and thank you for your post!
Thanks @Misty668Brooks, for your contribution as well.
What you have mentioned is correct, at outlined in this community post - Force New Tokens from the Google Social Connection.
This is however the expected behavior, as storing and refreshing third-party tokens is a feature handled by the new addition of Token Vault, so I would definitely recommend checking this documentation. You can also store the refresh tokens securely on the server side, but enabling this feature makes it a lot easier for you, since Auth0 will manage the process seamlessly. However:
Token Vault is currently available in Early Access for public cloud tenants. To enable Token Vault, contact your Auth0 representative.
I hope this helps!
Best regards,
Remus
Thank you remus. So for now, we will save the tokens on our side. This is slightly odd to change the behavior without giving access to token vault. Messes with the experience.