Renew Google Access Token

Hello, I have setup an application to authenticate via Google Sign In. I was able to get and save the refresh token in the user metadata using a custom rule. How do I renew the access token using this refresh token? I tried to use the refresh token directly with google oauth api so i know that it works, I just want to make it work with auth0.

Hi @warex03,
can you describe how you get and store the refresh token, because I’m wondering why you have/put it in the user metadata, as it should be right in the user.identities object (though not visible in the Dashboard > User Details) when checked via Management API for example, or also available within a Rule.

Also, the question: do you need the Google access token directly within your client application (or your backend) in order to call Google APIs? Or is it just about the user authentication itself?

How do I renew the access token using this refresh token?

To use a refresh token in order to get a new access token works the same way as described here but of course with the respective Google endpoints.

Side note: there are a lot of questions around ‘google refresh token’ in this forum, maybe they help as well.

Hi @mathiasconradt, thanks for the quick response, I’m getting the initial refresh token (because Google only issues it once) from the user.identities using the Management API as you have said and I’m storing it in the app metadata (not the user metadata as I’ve mistakenly said above) using a rule.

Also yes, we’re using the access token to call gmail api in our chrome extension.

I’ve confirmed that I can renew the access token using the method you stated above using the Google endpoint. However, I was wondering if there’s a way to do it through Auth0 since I want to also update the access token in the user.identities array. Would that be a recommended approach?

For added context: I was using Auth0-Chrome, which I’m aware of having been deprecated recently. I’ll try to migrate to auth0-spa-js in the next days to come since I wasn’t able to make it work before.