Google Workspace Enterprise Connection - Expired refresh_token?

I’ve authorized 2 different Google Workspace connections about a year ago.
We never used those connections for login, but we used them as part of a login rule.

The login rule uses the tokens from the connection to hit google’s admin directory api. Specifically, it creates google OAuth2Client from the following google-apps connection properties:

  • connection.options.admin_access_token
  • connection.options.admin_refresh_token
  • connection.options.admin_access_token_expiresin

The rule was working great, then I turned it off for about 8 months.

Yesterday, when I re-enabled the rule, I keep getting invalid_grant from google. It looks like the admin_refresh_token is no longer valid. The connections were not de-authorized by a google workspace admin.

For fun, I re-authorized one of the google workspace connections, and then the rule started to work no problem.

I was under the impression that auth0 would keep the google workspace connection refresh tokens alive automatically, even if the connection was not actively used. But the connections stopped working and I assume it’s because the refresh token has not been used in a while (google disables them after 6months of inactivity).

I have a couple questions about this:

  1. Do I need to make sure the google-apps connection is used for login at least once every 6 months?
  2. Do I need to manually update the admin_access_token in a rule? It doesn’t seem to change.
  3. Where can I find documentation on the connection.options.* properties for google workspace?

I am also wondering about this as well. I noticed that when we do an update on a connection is seems to also break this refresh token.