SecureCredentialsManager throws unexpected exception

I’m using the SecureCredentialsManager in an Android app. When the id token expires, getCredentials throws CredentialsManagerException("No Credentials were previously set."). The documentation says it’s supposed to automatically renew the tokens with the refresh token when they expire.

The code causing this exception is:

    val token = suspendCoroutine<String?> { cont ->
        manager.getCredentials(object :
            BaseCallback<Credentials, CredentialsManagerException> {
            override fun onSuccess(credentials: Credentials) {

            override fun onFailure(error: CredentialsManagerException) {

manager.hasValidCredentials() returns true before this code executes.

A bit further investigation and I see that the refresh token hasn’t been set. It seems that WebAuthProvider.login is giving credentials without a refresh token.

And further investigation, WebAuthProvider needs to be called with scope offline_access to get the refresh token. Problem solved.