How to do user login and get refresh token to invoke gmail apis?

EDIT to newest flow that still doesn’t work. LAST EDIT → I gave up and went to google oauth and was done in way less time than auth0 so going with straight app → google or app->3rd party going forward instead for speed. There is just no responses and no docs on the flow for refresh token.

This has become so complicated, I keep thinking of ditching auth0 :frowning: and just using google straight up to prevent the man in the middle confusion.

I read through this post Having trouble enabling Allow Offline Access however I still need a refresh token I believe for gmail apis. I was trying to get it through the mgmt api but that only gave me an access token that I could use for 1 hour and then my app stops working.

I had login working doing this but now I have no refresh token so that I can call gmail apis on the user’s behalf once per week (ie. offline)

  • redirect to auth0 /authorize

      String url = "https://"+domain+"/authorize" +
              "?response_type=code" +
              "&client_id=" + auth0Config.getClientId() +
              "&scope=" + urlEncodedScope +
              "&redirect_uri="+ urlEncodedCallbackUrl.get();
  • auth0 redirects back to my /callback

  • I decode the jwt and have aud, sid, etc and see the AUTH0 refresh token

  • I then call /oauth/token with scopes “openid profile email phone offline_access” and grant type ‘authorization_code’ . This seems to give me a valid refresh token

  • I then call /api/v2/users/{id} and this gives me google access token but no refresh token still :frowning:

Where in the flow am I going wrong here so I can get a refresh token for the user so I can fiddle with the stuff he wants once per week in gmail?

This document fetches the management api refresh token NOT the google refresh token (that was not clear but I get it now) → Get Refresh Tokens

I read another doc that shows getting google’s access token BUT it does not show how to get the refresh token → Call an Identity Provider API

In the end I also tried to see if calling /api/v2/users/{id} would get me a new access token but it did not and using google’s curl endpoint showed that the token expired and auth0 was not refreshing it. I am investigating moving completey to google now as I have exhausted all options from what I can tell and there is no step by step on 3rd party identity provider refresh tokens (probably easier to integrate on my own with each one since they do have refresh token docs where auth0 does not really and you have to piece together many docs and forum posts - I could not piece it together I guess)

I see no document on full steps to get the google refresh token and tried to piece together forum posts but could not.

Hey @dean2 sorry for the delayed response here, but wanted to get back to you regardless.

You should be able to get a Google refresh token by including access_type=offline as a param in your initial authorize request as mentioned here:

In my example above, I see the line &access_type=offline but for some reason, refresh token was the mgmt api refresh token and not google’s when I tried to validate with google. I gave up and I have it 100% working in google now . If I recall, when I read the Identity as well, the refresh token was not there in the identity provideer either. At any rate, now that I have a working thing with google, I do not have time to revisit with auth0 anymore. thanks!!!

1 Like

Hey @dean2 !

You’re right, I completely missed the access_type=offline param in your first request - Things can certainly get a bit complex when working with external IDP tokens, but I am glad to hear you got this working with Google directly and that suits your use case.