Force New Tokens from the Google Social Connection

Overview

Renewing third party Identity Provider (IdP) tokens, like access and refresh tokens, in the users profile differs depending on the IdP, as described in Renew third-party tokens.

This article will explain how to force new tokens for the Google Social Connection. This can be useful if application require up to date tokens to perform actions on behalf of end users, like checking Google Calendar.

Applies To

  • Identity Provider (IdP)
  • Access Tokens
  • Refresh Tokens

Solution

To force new refresh and access tokens on each login flow with a Google Social connection, follow the following steps:

  • Perform a GET connection for the Google social connection using the Auth0 Management API Get a connection. Save the results for the next step (careful as this contains the Google client secret).
  • Select the options object from the above step, add in the following upstream_params to it:
{
    "options": {

        ... [PASTE EXISTING OPTIONS HERE] ...

        "upstream_params": {
            "access_type": {
                "value": "offline"
            },
            "prompt": {
                "value": "consent"
            }
        }
    }
}
  • Update the Google connection in Auth0 with the above options object as the body of the request without adding anything else: Update a connection.
  • Login will force the account selection screen and generate the refresh_token and new access_token.