Google Oauth没有获得刷新令牌

Question

I am trying get refresh token. I read about it in google documents. Now, I am using accesstype offline and also approval_prompt: "force" But I am not getting refresh token in response. I not getting what I am doing wrong.

I have following html code:

<input type="submit" class="btn btn-info" value="Google" onclick="authorizeWithGoogle()" />

Javascript code:

 var cid = 'XXXXX';
 var apik = 'XXXXX';
 var scopes = 'https://www.google.com/m8/feeds';

 function authorizeWithGoogle() {
     gapi.client.setApiKey(apik); 
     gapi.auth.authorize({ client_id: cid, scope: scopes,  accesstype: "offline"   ,approval_prompt: "force"}, handleAuthResult);
 }

 function handleAuthResult(authResult) {
     delete authResult['g-oauth-window'];
 if (authResult && !authResult.error) {
    console.log(JSON.stringify(authResult));      
 }
}

Can you please help me.

Answer 1

You don't want to be requesting refresh tokens as that negates the security of OAuth. Refresh tokens should only ever be requested/stored on a server. You might want to take a step back and review your understanding of OAuth before continuing. Trying to implement OAuth without understanding it is a pita.

For a browser client, you should simply keep calling gapi.auth.authorize whenever you need a new access token (eg. approx every hour). After the first call, you can set immediate=true which will suppress any UI.

Answer 2

First, you made a typo, it's missing the underline: it's access_type , not accesstype .

Then, additionally to pass access_type and approval_prompt , you need to make sure your test user removed the grants for your app. Login in Google with your test account (not your app account) and go to Account Permissions and remove your app from the list.