Tags: oauth, youtube-api, google-oauth, youtube-data-api

Youtube API not returning refresh_token and instead returning id_token


For like a week now, I have been unable to process Google OAuth for the YouTube API.

When I request authorization like this:

http://accounts.google.com:443/o/oauth2/v2/auth?state=STATE&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fyoutube+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fyoutube.force-ssl+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&access_type=offline

The scopes are clearly defined without openid.

However, on callback this is what comes back:

/youtube/auth/callback?state=STATE&code=CODE&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fyoutube.force-ssl+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fyoutube+openid&authuser=0&prompt=none

OpenID has been added to the scopes.

When the code exchange for tokens is done, the response now includes id_token instead of refresh_token, and the scopes are different (persistently):

{"access_token"=>"ACCESS_TOKEN", "expires_in"=>3599, "scope"=>"https://www.googleapis.com/auth/youtube.force-ssl https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/youtube openid", "token_type"=>"Bearer", "id_token"=>"ID_TOKEN"}

What causes this?


Solution

  • Any of the OpenID scopes or signing scopes will cause an ID token to be returned.

    These are the ones I am sure will; email may as well, but I'm not sure.

    The reason you are not getting a refresh token is because web applications only return the refresh token the first time you authorize the user; Google assumes that you have stored it for later use. So revoke the user's access, request access again, and you should get a refresh token back. If that doesn't work, have the user go into their Google profile under Security and have them remove it there.
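The following is an added example, not code from the question or the answer above, written in Ruby because the token response in the question is printed as a Ruby hash. It builds the authorization URL with `access_type=offline`, parses the callback to verify `state` and to report which scopes Google added beyond the ones requested, and inspects the token-exchange response to flag the situation described above (an `id_token` present, no `refresh_token`). It also builds the revocation request the answer recommends, against Google's documented `https://oauth2.googleapis.com/revoke` endpoint, without sending it so the script runs offline. The `force_consent` option adds Google's documented `prompt=consent` parameter, which is an assumption on my part as an alternative to revoking; the `CLIENT_ID`, `REDIRECT_URI`, callback and JSON values are constructed sample data mirroring the question.

```ruby
require 'uri'
require 'cgi'
require 'json'

AUTH_ENDPOINT   = 'https://accounts.google.com/o/oauth2/v2/auth'
REVOKE_ENDPOINT = 'https://oauth2.googleapis.com/revoke'

# Scopes the application asks for (taken from the question's authorization URL).
REQUESTED_SCOPES = %w[
  https://www.googleapis.com/auth/youtube
  https://www.googleapis.com/auth/youtube.force-ssl
  https://www.googleapis.com/auth/userinfo.profile
  https://www.googleapis.com/auth/userinfo.email
].freeze

# OpenID Connect scopes; any of these makes Google return an id_token.
OIDC_SCOPES = %w[openid email profile].freeze

# Constructed sample data mirroring the question (placeholders, not real values).
SAMPLE_CALLBACK = '/youtube/auth/callback?state=STATE&code=CODE&scope=email+profile' \
  '+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fyoutube.force-ssl' \
  '+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email' \
  '+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile' \
  '+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fyoutube+openid&authuser=0&prompt=none'

SAMPLE_TOKEN_JSON = {
  'access_token' => 'ACCESS_TOKEN', 'expires_in' => 3599,
  'scope' => 'https://www.googleapis.com/auth/youtube.force-ssl ' \
             'https://www.googleapis.com/auth/userinfo.email ' \
             'https://www.googleapis.com/auth/userinfo.profile ' \
             'https://www.googleapis.com/auth/youtube openid',
  'token_type' => 'Bearer', 'id_token' => 'ID_TOKEN'
}.to_json

# Build the authorization URL. access_type=offline is required for a refresh token;
# force_consent adds prompt=consent (assumed alternative to revoking the grant).
def build_auth_url(client_id:, redirect_uri:, state:, scopes: REQUESTED_SCOPES, force_consent: false)
  params = {
    'client_id' => client_id, 'redirect_uri' => redirect_uri,
    'response_type' => 'code', 'scope' => scopes.join(' '),
    'access_type' => 'offline', 'state' => state
  }
  params['prompt'] = 'consent' if force_consent
  "#{AUTH_ENDPOINT}?#{URI.encode_www_form(params)}"
end

# Parse the redirect Google sends back. Rejects a state mismatch (CSRF guard) and
# reports the granted scope list plus any scopes Google added on its own.
def parse_callback(callback_uri, expected_state:)
  query  = URI.parse(callback_uri).query || ''
  params = CGI.parse(query).transform_values(&:first)
  raise 'OAuth state mismatch' unless params['state'] == expected_state

  granted = (params['scope'] || '').split(' ')
  { code: params['code'], granted: granted, extra_scopes: granted - REQUESTED_SCOPES }
end

# Inspect the token-exchange response: which token types came back and which
# OIDC scopes were in effect, so the "id_token but no refresh_token" case is visible.
def inspect_token_response(json)
  resp   = JSON.parse(json)
  scopes = (resp['scope'] || '').split(' ')
  {
    has_refresh_token: resp.key?('refresh_token'),
    has_id_token: resp.key?('id_token'),
    oidc_scopes: scopes & OIDC_SCOPES,
    expires_in: resp['expires_in']
  }
end

# Build (but do not send) the POST that revokes the grant, so the next
# authorization returns a fresh refresh_token.
def revoke_request(token)
  { url: REVOKE_ENDPOINT, method: 'POST',
    headers: { 'Content-Type' => 'application/x-www-form-urlencoded' },
    body: URI.encode_www_form('token' => token) }
end

if __FILE__ == $PROGRAM_NAME
  puts build_auth_url(client_id: 'CLIENT_ID', redirect_uri: 'REDIRECT_URI', state: 'STATE')
  cb = parse_callback(SAMPLE_CALLBACK, expected_state: 'STATE')
  puts "extra scopes granted: #{cb[:extra_scopes].join(', ')}"
  info = inspect_token_response(SAMPLE_TOKEN_JSON)
  puts "refresh_token present: #{info[:has_refresh_token]}, id_token present: #{info[:has_id_token]}"
  puts "revoke with: #{revoke_request('ACCESS_TOKEN')[:body]}" unless info[:has_refresh_token]
end
```

On the sample callback the script reports `email`, `profile` and `openid` as scopes Google added, and on the sample token response it reports an `id_token` with no `refresh_token`, which is exactly the symptom in the question; the revocation body it prints is what a client would POST before re-running the authorization.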