-
Notifications
You must be signed in to change notification settings - Fork 305
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why do i not get a new refresh token returned with every authorization request? #1219
Comments
Hi @LindaLawton, I'm transferring this issue to the team working on the python auth library to ensure that you receive quality answers. |
Hi @LindaLawton. Can you provide an expand on where you are seeing a new refresh token in other languages? Please see the documentation regarding refreshing a access token https://developers.google.com/identity/protocols/oauth2/native-app#offline. |
New refresh tokens are optional in the access token refresh response. https://www.rfc-editor.org/rfc/rfc6749#section-6 Please re-open this if you have any further questions! Thanks! |
@clundin25 thanks I will pass that on to my client that's exactly what i was looking for. |
The following example lists a users messages from the Gmail api using web flow. It works fine, feel free to test with your own web credentials from google cloud console.
My question is. Why does the authorization only return a refresh token after the first authorization request. I have added offline access, the first time the user authorizes this code a refresh token is returned. It is not returned again, the only way to force it to return again is to add
prompt= "consent"
. (this is commented out in the code for testing)I have had to add a check in the oauth2callback method in order to check that there is a refresh token and to not save my credentials if the refresh token does not exist, as it was over writing it every time the access token was refreshed.
Is there something that I need to set on the client to ensure that it always returns a new refresh token when the access token is refreshed. I thought this was a standard feature in Google authorization server it i always get a new refresh token in other languages. Or is the issue that this is a web client?
code
The text was updated successfully, but these errors were encountered: