Google refresh token not persisted


For an application where we need to be able to use the Google Drive API for users, I’ve set up a login flow that will request the required scope and set the access type as offline. For interacting with the Google Drive API, a refresh token is required.

The initial call is working as expected. I can then use the Auth0 api to get the full user profile, which will then include the needed access_token and refresh token in the identities property.
So far so good, but when I log out from our application and go through the login procedure, the next time I request the user profile, the refresh token is missing.

As I understood, Google only exchanges the refresh on the first authentication, but it seems odd that this will clear the refresh token from the identities in the user profile.

The only solution I found so far is to include the “approval_prompt=force” query parameter. But this results in a redundant consent screen being displayed every time a user logs in.

Is there any other way round this? I would prefer not to store the refresh token on our own server.

Hi @steven.oeyen ,

Welcome to the Auth0 Community!

I did some research around this topic, and it looks like the only solution is what you have described.

Add access_type=offline&approval_prompt=force to the authentication request; Auth0 then forwards those parameters to Google, and Google returns an access_token and a refresh_token.

I understand that you don’t want users to see a redundant consent screen being displayed every time they log in. You are welcome to submit your feedback here. Hopefully it can attract more votes and be implemented soon.

1 Like
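The request and the profile check discussed in this thread, as an added example that is not from either poster or from Auth0: it builds the /authorize URL with the two Google parameters and reads the Google identity's tokens from a full user profile, reporting when the refresh token is absent. The tenant domain, client ID, callback URL and both sample profiles are constructed placeholders, and the connection is assumed to use the default name google-oauth2.

```python
from urllib.parse import urlencode

GOOGLE = "google-oauth2"  # assumed default Auth0 provider/connection name for Google


def build_authorize_url(domain, client_id, redirect_uri, state):
    """Auth0 /authorize URL carrying the two Google parameters from the answer."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid profile",
        "connection": GOOGLE,
        "state": state,              # anti-CSRF value, checked on the callback
        "access_type": "offline",    # ask Google for a refresh token
        "approval_prompt": "force",  # show consent again so Google reissues it
    }
    return f"https://{domain}/authorize?{urlencode(params)}"


def google_tokens(profile):
    """Return (access_token, refresh_token or None) for the Google identity."""
    for identity in profile.get("identities", []):
        if identity.get("provider") == GOOGLE:
            return identity.get("access_token"), identity.get("refresh_token")
    raise LookupError("profile has no Google identity")


# Constructed profiles (placeholder values): the first login carries a refresh
# token, the later login without approval_prompt=force does not.
FIRST_LOGIN = {"user_id": "google-oauth2|000", "identities": [
    {"provider": GOOGLE, "access_token": "AT-1", "refresh_token": "RT-1"}]}
LATER_LOGIN = {"user_id": "google-oauth2|000", "identities": [
    {"provider": GOOGLE, "access_token": "AT-2"}]}

if __name__ == "__main__":
    print(build_authorize_url("tenant.example.com", "CLIENT_ID",
                              "https://app.example.com/callback", "random-state"))
    for name, profile in (("first", FIRST_LOGIN), ("later", LATER_LOGIN)):
        _, refresh = google_tokens(profile)  # token values are never printed
        print(name, "login: refresh token", "present" if refresh else "MISSING")
```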

Hi @lihua.zhang,
Thanks for the quick follow-up.
In that case I guess we will have to settle for that solution for now. It would be nice to somehow store those refresh tokens in Auth0 in the future.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.