I was trying to get refreshToken in "passport-google-oauth" example.
but the result was "undefined"
because of the "access_type" parameter, "passport-google-oauth" gave just only "id_token" parameter.
someone get same problem with me.
(https://groups.google.com/forum/#!searchin/oauth2-dev/id_token/oauth2-dev/2BjXHN3MMng/HP-sPVBhKAAJ)
bacause google changed their oauth endpoint,
(http://googlecode.blogspot.kr/2011/10/upcoming-changes-to-oauth-20-endpoint.html)
"passport-google-oauth" should be updated.
I added access type parameter in oauth2.js file in "passport-google-oauthnode_modulespassport-oauthnode_modulesoauthliboauth2.js"
exports.OAuth2.prototype.getAuthorizeUrl= function( params ) {
var params= params || {};
params['client_id'] = this._clientId;
params['type'] = 'web_server';
// should add below params
params['access_type'] = 'offline';
return this._baseSite + this._authorizeUrl + "?" + querystring.stringify(params);
}
now I can get refreshToken :)
If the previous refresh token is not expired, you can not get a refresh token.
In this case, you have to get user consent again. For that you should add this params['approval_prompt'] = 'force' code also. but this code make user allow user consent every time.
This is already supported by options to the Google OAuth 2 strategy. To enable, invoke it like so:
passport.authenticate('google', { scope: ['https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/userinfo.email'],
accessType: 'offline' });
And, with an approval prompt parameter:
passport.authenticate('google', { scope: ['https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/userinfo.email'],
accessType: 'offline', approvalPrompt: 'force' });
Is there a way to do this without forcing approval?
I have the following code but not seeing offline access mentioned in permissions screen anymore?
did Google make any changes or I need a different param now?
app.get( '/auth/google',
passport.authenticate( 'google'
, { scope:[ 'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/contacts.readonly']
, accessType: 'offline', approvalPrompt: 'force'}))
@siddo420 Using prompt: 'consent' instead of approvalPrompt: 'force' achieves that for me
Most helpful comment
@siddo420 Using
prompt: 'consent'instead ofapprovalPrompt: 'force'achieves that for me