I’ve authorized 2 different Google Workspace connections about a year ago.
We never used those connections for login, but we used them as part of a login rule.
The login rule uses the tokens from the connection to hit google’s admin directory api. Specifically, it creates google OAuth2Client
from the following google-apps connection properties:
connection.options.admin_access_token
connection.options.admin_refresh_token
connection.options.admin_access_token_expiresin
The rule was working great, then I turned it off for about 8 months.
Yesterday, when I re-enabled the rule, I keep getting invalid_grant
from google. It looks like the admin_refresh_token
is no longer valid. The connections were not de-authorized by a google workspace admin.
For fun, I re-authorized one of the google workspace connections, and then the rule started to work no problem.
I was under the impression that auth0 would keep the google workspace connection refresh tokens alive automatically, even if the connection was not actively used. But the connections stopped working and I assume it’s because the refresh token has not been used in a while (google disables them after 6months of inactivity).
I have a couple questions about this:
- Do I need to make sure the google-apps connection is used for login at least once every 6 months?
- Do I need to manually update the
admin_access_token
in a rule? It doesn’t seem to change. - Where can I find documentation on the
connection.options.*
properties for google workspace?