Google RefreshToken

[Baachi]

Hello guys!

Maybe i ran into a bug or i misconfigured anything. Hope anyone can help me.

I'm using the GoogleResponseOwner to authenticate my users. I save the access_token, expires_in and the refresh_token in my MySQL database.

The problem is that refresh_token is always null.
According to their [docs] https://developers.google.com/accounts/docs/OAuth2WebServer?hl=de#handlingtheresponse) i have to set the access_type to offline (which i do) but the response_token isn't set in the response from google.

I really need to refresh my access_token because i need to load some
data from the google analytics api.

1. config.yml

hwi_oauth:
    firewall_name: main
    fosub:
        properties:
            google: googleId
    connect:
        account_connector: acme.security.provider.user
    resource_owners:
        google:
            type:                  google
            client_id:            <my_id>
            client_secret:     <my_secret>
            scope:               "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/analytics.readonly"
            options:
                access_type:     offline

2. UserProvider

class UserProvider implements OAuthAwareUserProviderInterface, UserProviderInterface
{
    private $userManager;

    public function __construct(UserManager $userManager)
    {
        $this->userManager = $userManager;
    }

    public function connect($user, UserResponseInterface $response)
    {
        $username = $response->getUsername();
        $previousUser = $this->userManager->findUserBy(array('googleId' => $username));

        /** @var $user User */
        /** @var $previousUser User */

        $user->setGoogleId($username);
        $user->setGoogleToken($response->getAccessToken());
        $user->setAvatarUrl($response->getProfilePicture());
        $user->setGoogleRefreshToken($response->getRefreshToken());
        $user->setGoogleTokenExpires($response->getExpiresIn());

        if ($user === $previousUser) {
            return;
        }

        if (null !== $previousUser) {
            $previousUser->setGoogleId(null);
            $previousUser->setGoogleToken(null);
            $previousUser->setAvatarUrl(null);
            $previousUser->setGoogleRefreshToken(null);
            $previousUser->setGoogleTokenExpires(null);

            $this->userManager->updateUser($previousUser);
        }

        $this->userManager->updateUser($user);
    }

    public function loadUserByOAuthUserResponse(UserResponseInterface $response)
    {
        $username = $response->getUsername();
        $user = $this->userManager->findUserBy(array('googleId' => $username));

        if (!$user) {
            throw new AccountNotLinkedException(sprintf('No user with google username "%s" was found.', $username));
        }

        /** @var $user User */

        if (!$user->getGoogleToken()) {
            $user->setGoogleToken($response->getAccessToken());
            $user->setGoogleRefreshToken($response->getRefreshToken());
            $user->setGoogleTokenExpires($response->getExpiresIn());

            $this->userManager->updateUser($user);
        }

        return $user;
    }

    public function loadUserByUsername($usernameOrEmail)
    {
        $user = $this->userManager->findUserByUsernameOrEmail($usernameOrEmail);

        if (!$user) {
            throw new UsernameNotFoundException(sprintf('No user with name or email "%s" was found.', $usernameOrEmail));
        }

        return $user;
    }

    /**
     * {@inheritDoc}
     */
    public function refreshUser(UserInterface $user)
    {
        return $this->userManager->refreshUser($user);
    }

    /**
     * {@inheritDoc}
     */
    public function supportsClass($class)
    {
        return $this->userManager->supportsClass($class);
    }
}

[bendavies]

https://developers.google.com/accounts/docs/OAuth2WebServer?hl=de#refresh
A refresh token is only returned the very first time you request authorisation.
you should be able to reset this by revoking access to your app in the users account.

alternatively you can use approval_prompt=force to get a new refresh token.
search the docs for approval_prompt

[Baachi]

@bendavies Thank you for your comment and the explanation.