Update documentation for Google

nextauthjs · Jul 31, 2020 · c6d6d9c · c6d6d9c · vercel · Jul 31, 2020
1 parent 85b8592
commit c6d6d9c
Showing 1 changed file with 43 additions and 2 deletions.
diff --git a/www/docs/providers/google.md b/www/docs/providers/google.md
@@ -26,9 +26,50 @@ providers: [
 ```
 
 :::warning
-Unlike most other providers, Google only Provide the Refresh Token on first sign in.
+Google only provide the Refresh Token to an application the first time a user signs in.
+
+To force Google to re-issue a Refresh Token, the user needs to remove the application from their account and sign in again:
+https://myaccount.google.com/permissions
+
+Alternatively, you can also pass options in the `authorizationUrl` which will force the Refresh Token to always be provided on sign in, however this will ask all users to confirm if they wish to grant your application access every time they sign in.
+
+If you need access to the RefreshToken or AccessToken for a Google account and you are not using a database to persist user accounts, this may be something you need to do.
+
+```js
+const options = {
+  ...
+  providers: [
+    Providers.Google({
+      clientId: process.env.GOOGLE_ID,
+      clientSecret: process.env.GOOGLE_SECRET,
+      authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth?prompt=consent&access_type=offline&response_type=code',
+    })
+  ],
+  ...
+}
+```
 :::
 
 :::tip
 Google also return an `email_verified` boolean property in the OAuth profile.
-:::
+
+You can use this property to restrict access to people with verified accounts at a particular domain.
+
+```js
+const options = {
+  ...
+  callbacks: {
+    signIn: async (user, account, profile) => {
+      if (account.provider === 'google' &&
+          profile.email_verified === true &&
+          profile.email.endsWith('@example.com')) {
+        return Promise.resolve(true)
+      } else {
+        return Promise.resolve(false)
+      }
+    },
+  }
+  ...
+}
+```
+:::