Hi all
This is my use case:
- User signs in to my app via social login (google). The app is a SPA, using this code:
import { Auth0Client, User } from "@auth0/auth0-spa-js";
// init auth0 client
this.auth0 = new Auth0Client({
domain: domain,
client_id: clientId,
audience: `https://${domain}/userinfo`,
cacheLocation: "localstorage",
useRefreshTokens: true,
responseType: "id_token",
scope: "openid profile email offline_access",
connection: "google-oauth2",
redirect_uri: `${window.location.origin}/home`,
accessType: "offline",
approvalPrompt: "consent",
access_type: "offline",
connection_scope:
"https://www.googleapis.com/auth/calendar",
});
...
// login which calls auth0 authorize endpoint
await this.auth0.loginWithRedirect({
redirect_uri: `${window.location.origin}/setup`,
accessType: "offline",
approvalPrompt: "consent",
access_type: "offline",
connection_scope:
"https://www.googleapis.com/auth/calendar",
});
- All scopes required for my app are requested (calendar, profile, email)
- Backend job tries to access google calendar API on behalf of user:
a. Get user profile from Auth0
b. Get the user’s google access/refresh token fromuser.identities[0]
c. Refresh token if expired (using theuser.identities[0].refresh_token
from above
d. Call Calendar API
However, when I get the user profile from mgmt API: /api/v2/users
, I do not get the google refresh token, though documentation says otherwise. Only the access_token (which is short lived) is returned
How can I get Google refresh token returned from Auth0 user profile if my app is an SPA?