How to get Google IDP Refresh Tokens once limit is reached: 'Excess refresh tokens were removed'

jcee02 · December 17, 2023, 3:28am

We have recently implemented Google refresh tokens as part of our login request. I was unaware of the 200 refresh token limit and we were not storing the refresh tokens on our side prior to some of our users reaching that limit. For the users that have reached that limit, no refresh token is being returned on the /users/{userId} api request.

Any advice on how we can get one of the access tokens for those users? do we need to reset the auth0 user?

Thank you!

dan.woda · December 22, 2023, 6:16pm

Hi @jcee02,

Welcome to the Auth0 Community!

From our docs it sounds like a new token should replace an old one if you hit the limit. Are you not seeing this behavior? Could you also please give an example of the request you are using to retrieve the token (omit sensitive data).

Thank you!

jcee02 · December 22, 2023, 11:07pm

Hi @dan.woda, thank you for the response. Here is the auth config I am using:

<Auth0Provider
        domain="{domain}"
        clientId="{clientId}"
        authorizationParams={{
          redirect_uri: window.location.origin,
          audience: "{apiDomain}",
          access_type: "offline",
          scope: "openid profile email offline_access",
          connection_scope: "https://www.googleapis.com/auth/gmail.readonly",
          aprroval_prompt: "force",
          useRefreshTokens: true
        }} >

Once that limit is reached and I see the token cleanup in my tenant logs for those users, the refresh token property is not returned in the identities array.

jcee02 · January 12, 2024, 11:49pm

@dan.woda checking back here. Not sure if that config is what you were looking for or if you are looking for my auth0 user request:

GET: https://{tenant}.us.auth0.com/api/v2/users/{googleUserId}

Prior to the refresh token limit being hit, the refresh token value is included in that response as part of the identities array along with the access token.

dan.woda · January 16, 2024, 2:40pm

@jcee02,

Apologies for the delay and thanks for the additional data.

What happens if you request another refresh token after the cleanup? i.e.:

Refresh token exists in the user identity
Token limit is hit and the cleanup happens
Request a new user refresh token on next login

jcee02 · January 18, 2024, 5:04am

The same request I make prior to the limit being hit does not return a refresh token once the limit is reached and the cleanup happens. The property is not in the user response where I get it prior to the limit being reached.

jcee02 · February 2, 2024, 4:44am

@dan.woda just checking in if there is any update on how I might handle this. Thank you!

Topic		Replies	Views
/api/v2/users/{id} returns google accessToken not refreshToken? Help management-api , clients	2	746	November 7, 2023
Use Google refresh_token to obtain new Google access_token Help access_token , google , refresh_token , idp	2	5203	September 5, 2019
Get refresh tokens count Help	7	1686	October 6, 2022
Can't get google refresh token using auth0.js Help auth0js , google , refresh-tokens	2	7651	December 17, 2018
Getting refresh tokens when working with client credentials Help	5	2656	February 20, 2022

How to get Google IDP Refresh Tokens once limit is reached: 'Excess refresh tokens were removed'

Related topics