TechQA.

Auth0 Lock - Google oauth2 unable to get refresh_token

722 views Asked by At

I'm using Auth0 Lock with the google-oauth2 connection and I need to get a refresh_token because I need to make API calls from the server-side when the user is offline.

I'm following their guide but it's not working, refreshToken is always undefined.

Using http://cdn.auth0.com/js/lock/10.7.2/lock.min.js

this.lock = new Auth0Lock('...', 'xxx.eu.auth0.com', {
  initialScreen:'login',
  allowedConnections: ['google-oauth2'],
  allowSignUp: false,
  auth: {
    redirect: false,
    responseType: "token",
    params: {
      'access_type': 'offline',
      'approval_prompt': 'force',
    },
  },
  autoclose: true
});

Tried also with params 'approval_prompt': 'force' or 'prompt': 'select_account consent'

Instructions here: https://github.com/auth0/rules/blob/master/rules/google-refresh-token.md

authentication oauth-2.0 google-oauth auth0
Original Q&A
1

There are 1 answers

9
Eugenio Pace On BEST ANSWER

That rule is wrong. IdP access_tokens are available through the management API. See this endpoint: https://auth0.com/docs/api/management/v2#!/Users/get_users_by_id

A special scope is required (read:user_idp_tokens).

This is because IdP tokens are sensitive artifacts, so Auth0 puts an extra layer of security to obtain them.

You can of course call the API from a rule, but we'd likely advise against it and instead have your backend act on behalf of your (front-end) app.

Related Questions in AUTHENTICATION

Related Questions in OAUTH-2.0

Related Questions in GOOGLE-OAUTH

Related Questions in AUTH0

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions