Recovering missed refresh token

[Angel Lubenov]

Hi!, this is my situation

I am making a web-app, it starts the authorization/authenthication flow with oAuth (https://accounts.google.com/o/oauth2/v2/auth) with the following parameters: access_type = offline, and scope = openid email.

The first authorization process ends up fine returning all the information I need (access_token, refresh_token and token_id).

It turns out that the user may need to perform the authentication flow several times from different browsers, but since the 2nd time I don't get the access_token anymore.

I read that if you specify the parameter prompt=consent the user will always be prompted for authorization, but it returns a new refresh token each time, that is not convenient for me because the user may use several instances of the same application from different places so the refresh token must remain the same.

Is there a way to get ALWAYS the same refresh_token from each authentication procces? 

Or, is there an endpoint to request for the current refresh_token ?

Thanks in advance!

[Peter Oliquino]

Hi Angel,

Could you confirm if you are generating OAuth2 credentials for an AdWords account? If yes, you can follow the steps mentioned in this guide for the Web App flow. Once you have set up your credentials, your application should then be able to access the APIs you wish to use without having to manually specify them in each request.

I hope this helps and feel free to write back if you require further information.

Best regards,

Peter

AdWords API Team

[Angel Lubenov]

Hi!, 

I am using OAuth2 credentials, and I already did all the process for getting the clientId and the secret by registering a web-application. 

My problem a different one: once I get the access_token it expires in one hour, so I need the refresh_token to get a new one, but the last one is provided just in the first time the user authenticates and authorizes my app and I can't store it in a secure place, so I'm needing to know the refresh_token each time the user authenticates (not just the access_token), and I not need for it to change (as the param prompt=consent does). 

Is there a way to get this behavior? 

Thanks,

[Peter Oliquino]

Hi Angel,

You will need to store your refreshToken in a secure place as this will allow you to automatically create new access tokens when the previous ones expire. Additionally, you may refer to the recommendation in this guide for the web app flow, that you instead use client libraries when interacting with Google's OAuth2.0 endpoints as a security measure.

Thanks and regards,

Peter

AdWords API Team