In my application I need to get google access and refresh token to call google drive api later on.
To do that I use the access_type: ‘offline’ option on auth0-spa-js.
Then, from the backend, I use auth0 management API to get the user identities and retrieve the access and refresh token. It works great ! At least for a few hours.
At some point, when I retrieve the user from the management API, the refresh_token isn’t in the user identities anymore !
I don’t understand why ?
Should I store it in our database ? What are the best practices for this use case ?