[Google] Refresh token #166

Closed
Pionerd opened this issue Feb 12, 2024 · 4 comments · Fixed by #167
Labels
🐞 bug Something isn't working

Comments

@Pionerd
Contributor

Pionerd commented Feb 12, 2024

Problem Statement

Logs for Google say:

Feb 12 15:09:32 shared-hub-vpn-gateway openvpn-auth-oauth2[78178]: time=2024-02-12T15:09:32.333Z level=WARN msg="oauth2.refresh is enabled, but provider does not return refresh token"

If I search online, refresh tokens seem to be supported. Also, your Google code seems to mention getting refresh tokens. Is it supported?

Environment

  • openvpn-auth-oauth2 Version:
  • OpenVPN Server Version:
  • Server OS:
  • OpenVPN Client (flavor, OS):
Pionerd added the ❓ question (Further information is requested) label Feb 12, 2024
@jkroepke
Owner

I have no idea. Reading the docs (https://developers.google.com/identity/protocols/oauth2/web-server#exchange-authorization-code), setting access_type=offline is sufficient, which I do:

providerConfig.AuthCodeOptions = []oauth2.AuthCodeOption{oauth2.AccessTypeOffline}

But it has no effect, or something in that code won't work and the parameter is not set.

jkroepke added 🐞 bug (Something isn't working) ❓ question (Further information is requested) and removed ❓ question (Further information is requested) labels Feb 12, 2024
@Pionerd
Contributor Author

Pionerd commented Feb 12, 2024

I found and tested this: https://stackoverflow.com/questions/10827920/not-receiving-google-oauth-refresh-token

I can confirm that this time the warning is not shown for my user, so apparently the refresh token is now working. Maybe adding the prompt=consent helps to cover all cases?

@jkroepke
Owner

You could test this with

CONFIG_OAUTH2_AUTHORIZE__PARAMS="prompt=consent"

@Pionerd
Contributor Author

Pionerd commented Feb 12, 2024

Works, thanks!

#167
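
Added example, not part of the thread and not the project's own code: a standard-library Go sketch of the two authorization parameters discussed above, with a check that reports why Google may omit the refresh token. The helper names, client ID, redirect URI and state are constructed for illustration, and merging extra parameters from a query-string value is an assumption about how a setting like `prompt=consent` could be applied.

```go
package main

import (
	"fmt"
	"net/url"
)

// buildAuthURL (hypothetical helper) merges query-string style extra params, e.g. "prompt=consent".
func buildAuthURL(clientID, redirectURI, state, extraParams string) (string, error) {
	q := url.Values{
		"response_type": {"code"},
		"client_id":     {clientID},
		"redirect_uri":  {redirectURI},
		"scope":         {"openid email"},
		"state":         {state},
		"access_type":   {"offline"}, // the parameter oauth2.AccessTypeOffline sets
	}
	extra, err := url.ParseQuery(extraParams)
	if err != nil {
		return "", fmt.Errorf("parse extra params: %w", err)
	}
	for k, v := range extra {
		q[k] = v // operator-supplied values override the defaults
	}
	return "https://accounts.google.com/o/oauth2/v2/auth?" + q.Encode(), nil
}

// auditAuthURL (hypothetical helper) lists why Google may not return a refresh token for this URL.
func auditAuthURL(raw string) ([]string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	q := u.Query()
	var issues []string
	if q.Get("access_type") != "offline" {
		issues = append(issues, "access_type=offline missing: no refresh token is issued")
	}
	if q.Get("prompt") != "consent" {
		issues = append(issues, "prompt=consent missing: refresh token only on first consent")
	}
	return issues, nil
}

func main() {
	// Constructed sample values; no extra params, so one issue is reported.
	u, _ := buildAuthURL("constructed-client-id", "https://vpn.example.com/callback", "constructed-state", "")
	fmt.Println(auditAuthURL(u))
}
```

Running the audit against the redirect URL the daemon actually emits shows whether `access_type=offline` reached Google at all, which separates a dropped parameter from Google's first-consent-only behaviour.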
