[Google] Refresh token

[Pionerd]

Problem Statement

Logs for google say: Feb 12 15:09:32 shared-hub-vpn-gateway openvpn-auth-oauth2[78178]: time=2024-02-12T15:09:32.333Z level=WARN msg="oauth2.refresh is enabled, but provider does not return refresh token"

If I search online, refresh tokens seem to be supported. Also your Google codes seems to mention getting refresh tokens. Is it supported?

Environment

• openvpn-auth-oauth2 Version:
• OpenVPN Server Version:
• Server OS:
• OpenVPN Client (flavor, OS):

[jkroepke]

I have no idea. Reading docs (https://developers.google.com/identity/protocols/oauth2/web-server#exchange-authorization-code), set access_type=offline is sufficient which I do

openvpn-auth-oauth2/internal/oauth2/providers/google/config.go

Line 18 in 5840fd9

providerConfig.AuthCodeOptions = []oauth2.AuthCodeOption{oauth2.AccessTypeOffline}

But it has no effect or something in that code wont work and the parameter is not set.

[Pionerd]

I found and tested this: https://stackoverflow.com/questions/10827920/not-receiving-google-oauth-refresh-token

I can confirm that this time the warning is not shown for my user, so apparently the refresh token is now working. Maybe adding the prompt=consent helps to cover all cases?

[jkroepke]

You could test this with

CONFIG_OAUTH2_AUTHORIZE__PARAMS="prompt=consent"

[Pionerd]

Works, thanks!

#167