Where is the Google refreshToken?

**mschipperheyn** · Jan 9th, 2012, 07:57 AM

Hi,

When I create a connection for Google, I keep getting a null value for the refreshToken. Isn't this supposed to be supplied?

Marc

**habuma** · Jan 9th, 2012, 08:19 AM

Since the Spring Social Google project is a community project, I've not spent much time with it, but looking at https://github.com/guznik/spring-soc...2Template.java, it appears that the refresh token is being gathered as part of the connection process. So, if it's null then I'd wonder if Google is actually sending back a null or if the field has a different name than what's in the code and Google's own documentation. The best way to do that is either to setup some sort of proxy between your app and Google or to manually perform the OAuth 2 dance and see what the response looks like. (That's one of the nice things about OAuth 2; you can do the entire dance manually using a web browser and curl to see how things behave.)

**mschipperheyn** · Jan 9th, 2012, 09:03 AM

Ok, finally figured out that in order to also receive the refreshtoken, the oauth request url has to contain a parameter
access_type=offline

Any suggestions on how to realize this?

**habuma** · Jan 9th, 2012, 09:18 AM

Yes, I see that in Google's documentation. Kinda goofy, but I guess that's how they work.

You can set additional parameters by providing a connect interceptor and setting whatever extra parameters you need in the preConnect() method. For example:

Code:

public void preConnect(ConnectionFactory<S> connectionFactory, MultiValueMap<String, String> parameters, WebRequest request) {
    parameters.set("access_type", "offline");
}

Note that I just hacked this code into the forum and it has not been tested.

**habuma** · Jan 9th, 2012, 09:24 AM

Alternatively, you might be able to subclass GoogleOAuth2Template and override the buildAuthorizeUrl() method to tack on the parameter....something like this:

Code:

public String buildAuthorizeUrl(GrantType grantType, OAuth2Parameters parameters) {
    return super.buildAuthUrl(authorizeUrl, grantType, parameters) + "&access_type=offline";
}

Again, that was just hacked into the forum, so no guarantees on whether or not it will work.

**mschipperheyn** · Jan 9th, 2012, 10:14 AM

Awesome, thanks!

**mschipperheyn** · Jan 9th, 2012, 11:03 AM

It doesn't seem to be working although I can see the parameter being added to the oauth url.

Funny thing is also that I'm not getting the Google Allow popup screen. It opens and closes immediately and just automatically allows me. Also if I logout before I do this, I get the login page in the popup and after login, it doesn't present me with the access types I'm requesting, but just grants it (without giving me the refreshToken).

The access scope I'm asking for is
https://www.google.com/m8/feeds/ https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo#email https://www.googleapis.com/auth/plus.me

(after completing the connect request I can interact with the API just fine.)

**habuma** · Jan 10th, 2012, 09:13 AM

FYI: I just performed the OAuth 2 "dance" manually (using just my web browser and curl) and I was able to get a refresh token in the response. Here's what I did:

In my browser, I entered the following into the address bar:

Code:

https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=MY_CLIENT_ID&access_type=offline&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&redirect_uri=MY_REDIRECT_URI

(Be sure to substitute your app's values for MY_CLIENT_ID and MY_REDIRECT_URI.)

After authorization, I get a callback to my redirect URI (there doesn't really need to be anything at that URI). In the address bar, I see the authorization code, so I copy it and use it in the following curl command line:

Code:

~% curl -d "code=AUTHORIZATION_CODE&client_id=MY_CLIENT_ID&client_secret=MY_CLIENT_SECRET&redirect_uri=MY_REDIRECT_URI&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token

(Again, be sure to substitute your app's values and the authorization code for the all-caps values in that curl command line.)

Upon submitting that, I got a JSON response that included the refresh token.

I still do not know why it doesn't work for you with the changes you applied to the Google module, but maybe this will give you some clues.

**mschipperheyn** · Jan 10th, 2012, 09:53 AM

Great, thanks! Yeah, I think there is some caching going on in the Google response, perhaps because their token is valid for an hour. I was thinking this yesterday already, but this confirms it.

**mschipperheyn** · Jan 10th, 2012, 11:31 AM

Ok, I went through the oauth dance using curl etc. I simply don't get the refreshToken.

I get the keys: access_token,token_type,expires_in,id_token

I've reviewed the API console settings but I don't see anything relevant there. Since the offline access is a Web app specific type setting, I figured it might be something to do with this

Code:

https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=MYCLIENTID.apps.googleusercontent.com&access_type=offline&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&redirect_uri=MYREDIRECT

curl -k -d "code=MYCODEKEY&client_id=MYCLIENTID.apps.googleusercontent.com&client_secret=MYSECRET&redirect_uri=MYREDIRECT&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token

Thread: Where is the Google refreshToken?

Thread Tools

Display

Where is the Google refreshToken?

Doesn't seem to be working

Posting Permissions