Open braintrustalex opened 4 months ago
If you are only using this for login, then there is no need to log them out when the `access_token` expires. The only time you need to worry about refreshing the token is if you actually need to use it...
Also what exactly are you posting to the `/auth/google/oauth2` endpoint? It shouldn't be seeing any access token, and therefore it wouldn't be expired... unless you are passing in the expired token.
TLDR: I've used the setup guide to get Google working as an SSO provider, up until my `access_token` expires. App throws `A refresh_token is not available` on subsequent `POST` to `/auth/google_oauth2`. Not using Devise. How can I mitigate this error, or bypass the `refresh_token` flow?

Setup
I've followed the setup guide in the README, and I am not using Devise.
I am able to `POST /auth/google_oauth2` with a user and complete the account selection and consent screens, and am redirected to my callback endpoint with an `access_token` and `refresh_token`. However, once the `access_token` expires and my user is logged out of my application, when they `POST /auth/google_oauth2` again to re-authenticate, I hit the token refresh flow within `omniauth-oauth2`: https://github.com/omniauth/omniauth-oauth2/blob/3a43234ab5dd36a75f9c125c58fcfe1a37b26805/lib/omniauth/strategies/oauth2.rb#L92

This fails every time with `A refresh_token is not available`: https://gitlab.com/oauth-xx/oauth2/-/blob/main/lib/oauth2/access_token.rb?ref_type=heads#L118

This makes sense, since the `refresh_token` is supplied only on the first authorization call to Google. However, what I don't understand is how I'm supposed to handle this.

I can only make this work if I edit the gemfiles and add to the existing code:

Configuration

`Gemfile`:

`config/initializers/omniauth.rb`:

`routes.rb`:

`index.html.erb`:

Questions
So to my questions:

- `refresh_token`, but not how or where. How am I supposed to store and pass the `refresh_token` to this gem?
- `prompt: 'consent'` and `access_type: 'offline'` together are supposed to be the only way to get a `refresh_token`, but that doesn't influence whether this or underlying gems check for a `refresh_token` once the `access_token` is expired.
- `expires_at`, or `expire_in` argument to the gem for shortening the `access_token` expiration time for testing purposes?

I've looked into this issue across the multiple `omniauth` gem dependencies, and this gem for 5+ days, and haven't gotten anywhere. Any feedback or answers would be deeply appreciated 🙏 ❤️
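
An added example, not part of the original issue or of any gem's code: one way an app's callback handler could persist the `refresh_token` from the first consent and keep it when later callbacks arrive without one, with the login session keyed on the user rather than on the `access_token` lifetime. `CredentialStore`, `handle_callback` and the sample hashes are hypothetical and constructed; the hashes only mimic the shape of `request.env['omniauth.auth']`.

```ruby
# Added example. CredentialStore and handle_callback are hypothetical names;
# the hashes mimic the shape of request.env['omniauth.auth'].
class CredentialStore
  def initialize
    @rows = {} # stand-in for a database table keyed by Google uid
  end

  # Upsert credentials. A callback that carries no refresh_token must not
  # erase the one saved at first consent.
  def save(auth)
    creds = auth.fetch('credentials')
    row = (@rows[auth.fetch('uid')] ||= {})
    row['email'] = auth.dig('info', 'email')
    row['access_token'] = creds['token']
    row['expires_at'] = creds['expires_at']
    fresh = creds['refresh_token'].to_s
    row['refresh_token'] = fresh unless fresh.empty?
    row
  end

  def find(uid)
    @rows[uid]
  end
end

# The app session is keyed on the verified uid, so its lifetime is
# independent of when the Google access_token expires.
def handle_callback(store, session, auth)
  store.save(auth)
  session['user_uid'] = auth.fetch('uid')
  session
end

# Constructed sample callbacks: only the first one includes a refresh_token.
FIRST_LOGIN = {
  'uid' => '1000', 'info' => { 'email' => 'user@example.com' },
  'credentials' => { 'token' => 'access-1', 'refresh_token' => 'refresh-1',
                     'expires_at' => 1_700_000_000 }
}.freeze
LATER_LOGIN = {
  'uid' => '1000', 'info' => { 'email' => 'user@example.com' },
  'credentials' => { 'token' => 'access-2', 'expires_at' => 1_700_003_600 }
}.freeze

def demo
  store = CredentialStore.new
  session = {}
  [FIRST_LOGIN, LATER_LOGIN].each { |auth| handle_callback(store, session, auth) }
  store.find('1000').merge('session_uid' => session['user_uid'])
end
```

A stored `refresh_token` is a long-lived credential, so in a real app it belongs in an encrypted column rather than a plain one.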