This repository has been archived by the owner on Jul 15, 2021. It is now read-only.

Google does not return refresh token without access_type=offline in the auth url. #170

Open
rio opened this issue Jul 28, 2020 · 5 comments

Comments


rio commented Jul 28, 2020

This can luckily be resolved without code changes by adding it to the authorization URL set in the configuration.


ghost commented Sep 30, 2020

This did not fix it for me, I've tried using offline instead of offline_access as well.

https://github.com/heptiolabs/gangway/blob/master/docs/google.md#configuring-gangway mentions to leave offline out, but as @rio mentions, there is no refresh token.


rio commented Sep 30, 2020

@VihanAgarwal97, make sure you add access_type=offline to your auth url like so: https://accounts.google.com/o/oauth2/v2/auth?access_type=offline


ghost commented Sep 30, 2020

Still missing a refresh token.

apiVersion: v1
data:
  gangway.yaml: >
    apiServerURL: <redacted>

    audience: https://${DNS_NAME}/userinfo

    authorizeURL:
    https://accounts.google.com/o/oauth2/v2/auth?access_type=offline

    clientID: ${GANGWAY_CLIENT_ID}

    clientSecret: ${GANGWAY_CLIENT_SECRET}

    clusterName: <redacted>

    port: 8080

    redirectURL: <redacted>

    scopes:

    - openid

    - profile

    - email

    tokenURL: https://www.googleapis.com/oauth2/v4/token

    usernameClaim: email

I'm using the helm chart to deploy -

      # Values file as block file
      values: |
        gangway:
          scopes: ["openid", "profile", "email"]
          apiServerURL: "<redacted>"
          authorizeURL: "https://accounts.google.com/o/oauth2/v2/auth?access_type=offline"
          tokenURL: "https://www.googleapis.com/oauth2/v4/token"
          clusterName: <redacted>
          # Where to redirect back to. This should be a URL
          redirectURL: "<redacted>/callback"
          usernameClaim: "email"
        env: 
        - name: GANGWAY_SESSION_SECURITY_KEY
          valueFrom:
            secretKeyRef:
              name: gangway-test-key
              key: sessionkey 
        - name: GANGWAY_AUDIENCE
          valueFrom:
            secretKeyRef:
              name: gangway-secret 
              key: client_id # For Google OAuth, clientID is the same as audience
        - name: GANGWAY_CLIENT_ID
          valueFrom:
            secretKeyRef:
              name: gangway-secret 
              key: client_id
        - name: GANGWAY_CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              name: gangway-secret
              key: client_secret 


ghost commented Oct 7, 2020

@rio the docs specify a different url, I'm not sure what to use.
https://github.com/heptiolabs/gangway/blob/master/docs/google.md#configuring-gangway
This is currently blocking us from using this in prod.


rio commented Oct 8, 2020

Google only issues refresh tokens once per login. To get a refresh token again, remove your third-party integration from accounts.google.com from your account, then log in again.
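
The two checks this thread keeps coming back to, as an added example (not part of the thread and not gangway's own code): did the authorization URL actually carry `access_type=offline`, and did the token response contain a `refresh_token`? The function names `offlineRequested`, `hasRefreshToken` and `diagnose` are hypothetical, and the sample URL and token body in `main` are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// offlineRequested reports whether an authorization URL carries access_type=offline.
func offlineRequested(rawURL string) (bool, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false, err
	}
	return u.Query().Get("access_type") == "offline", nil
}

// hasRefreshToken reports whether a token response has a non-empty refresh_token.
func hasRefreshToken(body []byte) (bool, error) {
	var resp struct {
		RefreshToken string `json:"refresh_token"`
	}
	err := json.Unmarshal(body, &resp)
	return resp.RefreshToken != "", err
}

// diagnose maps both checks onto the cases discussed in the thread.
func diagnose(authURL string, tokenBody []byte) string {
	offline, err := offlineRequested(authURL)
	if err != nil {
		return "invalid authorization URL: " + err.Error()
	}
	refresh, err := hasRefreshToken(tokenBody)
	switch {
	case err != nil:
		return "invalid token response: " + err.Error()
	case refresh:
		return "refresh token issued"
	case !offline:
		return "no refresh token: access_type=offline missing from authorization URL"
	}
	return "no refresh token although offline was requested: remove the app from the Google account and log in again"
}

func main() {
	// Constructed sample values, not real tokens or a real client ID.
	auth := "https://accounts.google.com/o/oauth2/v2/auth?access_type=offline&client_id=example&scope=openid"
	body := []byte(`{"access_token":"constructed","id_token":"constructed","expires_in":3599}`)
	fmt.Println(diagnose(auth, body))
}
```

Run it against the URL the browser is actually redirected to and the raw token endpoint response, not only the configured `authorizeURL`, since that is what Google evaluates.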
