Issue with retrieving Google access token

access_token
google
access
nextjs
offlien

#1

I’ve been following the tutorial below for Google auth in order to retrieve Identity Provider Access Tokens:
https://auth0.com/docs/tutorials/calling-an-external-idp-api

It says access_token should be included in the identities array like below:

  "identities": [
    {
      "provider": "google-oauth2",
      "access_token": "ya29.GlsPBCS6ahokDlgCYnVLPEzNhAPoKJLAGKDSe1De3_xclahNcdZXoU-26hCpa8h6240TV86dtaEQ4ZWoDq_yeu9QyQqUr--S9B2CR9YJrLTD",
      "expires_in": 3599,
      "user_id": "111199914890750704174",
      "connection": "google-oauth2",
      "isSocial": true
    }
  ],

but instead, what I’m getting is below:

  "identities": [
    {
      "provider": "google-oauth2",
      "user_id": "...id...",
      "connection": "google-oauth2",
      "isSocial": true
    }
  ]

which doesn’t include access_token. I tried to add offline access as this doc suggested (https://auth0.com/docs/tokens/idp#renewing-the-token) but I’m still getting the same result.

The code I’m using is below:

const getOptions = (container) => {
  const secret = uuid.v4()
  setSecret(secret)
  return {
    container,
    closable: false,
    auth: {
      responseType: 'token',
      redirectUrl: `${getBaseUrl()}/auth/signed-in`,
      params: {
        scope: 'openid profile email',
        state: secret,
        access_type: 'offline'
      }
    }
  }
}

which was borrowed from here:
https://github.com/luisrudge/next.js-auth0/blob/master/utils/lock.js

Perhaps I am missing something obvious?


#2

The code you included is associated with an authentication transaction. As stated in the documentation you linked, the IdP access tokens need to be retrieved through a Management API call to the get user by identifier endpoint. In addition, the access token used in the Management API call needs to have the proper scopes; in particular, for IdP access tokens it needs read:user_idp_tokens.

Ensure that you use an access token with the above scope; if you’re unable to trace the source of the problem then update the question with the code related to how you’re calling the Management API.
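
The flow described in this reply, as an added example that is not part of the original thread and is not Auth0's own code: a server-side Node 18+ sketch that obtains a Management API token with the client-credentials grant, checks it for read:user_idp_tokens, and reads the IdP access token from the get-user response. The function names are hypothetical, and the example assumes the Management API token is a JWT with a space-delimited `scope` claim and that user ids take Auth0's `provider|id` form.

```javascript
// Added example. Run server-side only: the client secret and the Management
// API token must never reach the browser.
const REQUIRED_SCOPE = 'read:user_idp_tokens';

// Decode a JWT payload without verifying it; enough to inspect our own token's scopes.
// Assumption: scopes are carried as a space-delimited "scope" claim.
function tokenScopes(jwt) {
  const payload = jwt.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
  const claims = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
  return (claims.scope || '').split(' ').filter(Boolean);
}

// Auth0 user ids look like "google-oauth2|1111..."; the "|" must be URL-encoded.
function userUrl(domain, userId) {
  return `https://${domain}/api/v2/users/${encodeURIComponent(userId)}`;
}

// Pull the IdP access token for one provider out of a Management API user object.
function idpAccessToken(user, provider) {
  const identity = (user.identities || []).find((i) => i.provider === provider);
  return identity && identity.access_token ? identity.access_token : null;
}

// Client-credentials grant for the Management API, then GET /api/v2/users/{id}.
async function fetchIdpAccessToken({ domain, clientId, clientSecret, userId, provider }) {
  const tokenRes = await fetch(`https://${domain}/oauth/token`, {
    method: 'POST',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify({
      grant_type: 'client_credentials',
      client_id: clientId,
      client_secret: clientSecret,
      audience: `https://${domain}/api/v2/`,
    }),
  });
  if (!tokenRes.ok) throw new Error(`token request failed: ${tokenRes.status}`);
  const { access_token: mgmtToken } = await tokenRes.json();
  // Fail early with a clear message when the required scope is missing.
  if (!tokenScopes(mgmtToken).includes(REQUIRED_SCOPE)) {
    throw new Error(`Management API token lacks ${REQUIRED_SCOPE}`);
  }
  const userRes = await fetch(userUrl(domain, userId), {
    headers: { authorization: `Bearer ${mgmtToken}` },
  });
  if (!userRes.ok) throw new Error(`get user failed: ${userRes.status}`);
  return idpAccessToken(await userRes.json(), provider);
}
```
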


#3

Hi @jmangelo, thank you for your quick response, it was really helpful as it was my first day exploring the Auth0 service. Appreciated!


#5

@jmangelo, I also ran into a problem when trying to get the access_token from Salesforce.
The user profile returned from the endpoint https://lcheng.auth0.com/userinfo doesn’t have the access_token info; the following is the identities field.
"identities":[{"isSocial":true,"provider":"salesforce","user_id":"00590000002pYgSAAU","connection":"salesforce"}],

  1. I have created one app on the Salesforce side and configured the callback to https://lcheng.auth0.com/login/callback
  2. The scope for "user_idp_tokens" is also configured; the following is the result from the Get all client grants API:
    {
      "id": "cgr_HfcBYrsbfhgjLPmn",
      "client_id": "6ESZfohmaJ8Z5xk5iCBtSh8FgNtn6hRQ",
      "audience": "https://lcheng.auth0.com/api/v2/",
      "scope": [
        "read:users",
        "read:connections",
        "read:user_idp_tokens"
      ]
    }
  3. I also tried the endpoint https://lcheng.auth0.com/api/v2/users/00590000002pYgSAAU; the "user_id" is taken from step 1. However, the response is:
    {
      "statusCode": 400,
      "error": "Bad Request",
      "message": "Object didn't pass validation for format user-id: 00590000002pYgSAAU",
      "errorCode": "invalid_uri"
    }

#6