Situation
I have simple android app where user gets data from Google Fusion Tables with REST api. For this I was using OAuth 2 authorization to get Access Token and Refresh Token. I have web view in my app which will show login screen as well as consent screen. I was planning to get access token from web view and use it for further API calls. I am using retrofit to execute my http calls. I use following query parameters,
"client_id" = CLIENTID
"client_secret" = SECRET
"code" = 4/XXXXXXXXXX //Code got from redirect url
"grant_type" = "authorization_code"
"access_type" = "offline"
"approval_prompt" = "force"
"redirect_uri" = REDIRECT_URL
So far so good. But when I exceute post request with above query parameters, I get following response,
{
"access_token": "ya29.XXXXXXXXXXXXXX",
"token_type": "Bearer",
"expires_in": 3599,
"id_token": "XXXXXXXXXX"
}
Question
Where is refresh token? I need refresh token because I couldn't do API call through app later on with access token and I don't want user to get access token every time.
What I have tried
I have already followed instructions from this post and have tried revoking permission to application from settings. I have also tried using different google accounts in case there was some permission issue, but still no luck. I have also tried removing query parameter "approval_prompt" and "grant_type" but that also didn't help.
I got answer after searching and banging head for 5-6 hours. This answer saved me! Answer to people looking for this in future,
Add "access_type" = "offline" query while requesting for access token rather than exchanging, i.e. in URL which asks for consent.