Using identity_resource and refresh_token #482

Open
lawik opened this issue Oct 17, 2023 · 4 comments

Comments

Contributor

lawik commented Oct 17, 2023

With Google you only get one shot (one opportunity) to get a refresh_token. Performing a new authentication sets refresh_token to nil. No good :)

    strategies do
      oauth2 :google do
        identity_resource Knowb.Accounts.Identity
        client_id Knowb.GoogleAuthSecrets
        client_secret Knowb.GoogleAuthSecrets
        redirect_uri Knowb.GoogleAuthSecrets
        site Knowb.GoogleAuthSecrets

        authorize_url "https://accounts.google.com/o/oauth2/auth"
        token_url "https://accounts.google.com/o/oauth2/token"
        user_url "https://www.googleapis.com/oauth2/v1/userinfo"

        authorization_params(
          scope:
            [
              "https://www.googleapis.com/auth/userinfo.email",
              "https://www.googleapis.com/auth/userinfo.profile"
            ]
            |> Enum.join(" "),
          access_type: "offline",
          prompt: "select_account"
        )
      end
    end

Setting access_type: "offline" is needed to get a refresh_token from Google. If we do not save it, the subsequent logins will only produce access_token and refresh_token will be nil. I can revoke the app access here and logging in after that will get me a new refresh_token. But that's not particularly tenable for users.

The need for the refresh_token is fundamentally to not have to run a separate Google integration to make API calls on behalf of the user even after their session has perhaps lapsed. I am planning to feed it to Goth and do a bunch of Google stuff.

Killing the refresh token on logging in again is a problem for that.

Contributor Author

lawik commented Oct 17, 2023

This PR should address that, seems to do it for my needs: #483

Contributor Author

lawik commented Oct 18, 2023

This was useful context and what I base my assumptions on: https://stackoverflow.com/a/10857806

Contributor Author

lawik commented Oct 26, 2023

I think this could be closed but the above would probably benefit from being documented?

Collaborator

jimsynz commented Oct 26, 2023

Hi @lawik 👋

Yeah, I note that now that the Google strategy has been merged the recent addition of the oauth2 strategy with google guide is now a lie. Perhaps you and/or @Sam23D could come up with a doc update for the status of Google including the knowledge in this issue and we can then close it?
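The problem described in this issue (a repeat login returns no refresh_token, so storing the new response as-is sets the saved one to nil) can be avoided by merging token responses into the stored identity instead of overwriting it. The following is an added example, not code from this project or from PR #483; the module name `TokenMergeExample`, the string-keyed token map and the `access_expires_at` field are assumptions made for illustration.

```elixir
defmodule TokenMergeExample do
  @moduledoc """
  Added example (hypothetical module, not the project's own code).
  Merges a fresh OAuth2 token response into the stored token map without
  discarding a refresh_token that the provider did not send again.
  """

  # Fields that are taken from every token response when present.
  @volatile_keys ~w(access_token expires_in token_type scope)

  @doc """
  `stored` is the identity's current token map (nil on first login),
  `response` is the decoded token endpoint response, `now` is a DateTime.
  """
  def merge(stored, response, now \\ DateTime.utc_now()) do
    lifetime = response["expires_in"] || 0

    (stored || %{})
    |> Map.merge(Map.take(response, @volatile_keys))
    |> Map.put("access_expires_at", DateTime.add(now, lifetime, :second))
    |> put_refresh_token(response["refresh_token"])
  end

  # Repeat login: the provider omitted the refresh token, keep the stored one.
  defp put_refresh_token(tokens, blank) when blank in [nil, ""], do: tokens

  # First authorization, or a login after access was revoked: store the new one.
  defp put_refresh_token(tokens, new), do: Map.put(tokens, "refresh_token", new)
end

# Constructed sample responses, not real tokens.
first_login = %{"access_token" => "at-1", "refresh_token" => "rt-1", "expires_in" => 3600}
repeat_login = %{"access_token" => "at-2", "expires_in" => 3600}
after_revoke = %{"access_token" => "at-3", "refresh_token" => "rt-2", "expires_in" => 3600}

now = ~U[2023-10-17 12:00:00Z]

tokens =
  [first_login, repeat_login, after_revoke]
  |> Enum.scan(nil, fn response, stored ->
    TokenMergeExample.merge(stored, response, now)
  end)

# Show which refresh token is stored after each of the three logins.
Enum.each(tokens, fn t ->
  IO.inspect(Map.take(t, ["access_token", "refresh_token"]))
end)
```

The stored refresh token is a long-lived credential for the user's Google account, so the attribute holding it should be treated as a secret: kept out of logs and API responses, and encrypted at rest where the data layer allows it.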
