
Force Google to refresh token via Python Social Auth


We're working on a project that depends on PSA (0.2.1) for authentication with Google OAuth2 (offline). Somehow we lost the refresh tokens of some users, and we want to force those users to RE-AUTHENTICATE so we can get a new refresh token from Google.

We tried both:

  1. Disconnecting those users using /disconnect/google-oauth2: we got a NotAllowedToDisconnect exception. Even after removing social.pipeline.disconnect.allowed_to_disconnect from SOCIAL_AUTH_DISCONNECT_PIPELINE, when we got no exception, there was no refresh_token in Google's response when the user re-authenticated.
  2. Adding approval_prompt=force to the 'account:social:begin' URL, but it doesn't return the refresh_token.

Any idea will be highly appreciated.

Update: We tried to use {% url 'account:social:begin' 'google-oauth2' %}?approval_prompt=force&next=/ to force the approval_prompt for certain users (with missing tokens), but it seems to have no effect on Google OAuth.

Thanks


Solution

  • Using this setting does the trick:

    SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS = {
        'access_type': 'offline',
        'approval_prompt': 'force'
    }
    

    Use case example at http://psa.matiasaguirre.net/docs/use_cases.html#re-prompt-google-oauth2-users-to-refresh-the-refresh-token
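
The setting above forces the consent screen for every user. The following is an added example, not part of the original answer or of PSA's code: a framework-agnostic sketch that adds `approval_prompt=force` only for accounts whose stored data has no refresh token, and keeps an existing refresh token when a later token response omits it. The function names, the sample values and the legacy authorization endpoint are assumptions.

```python
from urllib.parse import urlencode

# Assumption: legacy Google authorization endpoint, which accepts approval_prompt.
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"


def has_refresh_token(extra_data):
    """True when the stored social-account data carries a usable refresh token."""
    return bool((extra_data or {}).get("refresh_token"))


def auth_extra_arguments(extra_data):
    """Extra query arguments for the authorization request.

    Offline access is always requested; the consent screen is forced only
    for accounts with no stored refresh token, since Google issues a new
    refresh token only when consent is given again.
    """
    args = {"access_type": "offline"}
    if not has_refresh_token(extra_data):
        args["approval_prompt"] = "force"
    return args


def build_auth_url(client_id, redirect_uri, scope, state, extra_data):
    """Authorization URL the user is redirected to (hypothetical helper)."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": scope,
        "state": state,  # anti-CSRF value, checked again on the callback
    }
    params.update(auth_extra_arguments(extra_data))
    return GOOGLE_AUTH_ENDPOINT + "?" + urlencode(params)


def merge_token_response(extra_data, token_response):
    """Update stored data without dropping an existing refresh token.

    Later logins without forced consent return no refresh_token, so keys
    that are missing or None in the response must not erase stored values.
    """
    merged = dict(extra_data or {})
    merged.update({k: v for k, v in token_response.items() if v is not None})
    return merged
```
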