The Zurich release has arrived! Interested in new features and functionalities? Click here for more

How to get refresh token for Google Oauth API Calls

Jon Ulrich
Kilo Guru

on ‎06-30-2020 01:55 PM

Ok, so you've followed this article on how to do a outbound REST call to Google with OAuth 

Outbound REST with OAuth 2.0 profile tutorial - integrating with Google Contacts API

...but now what? How do you refresh your OAuth token via script to make the API calls again? You're going to need a "Refresh Token" but no one says how to get one...until now

(Assuming you are using Client ID and Client Secret for authentication)

  1. Go to the Google OAuth Playground: https://developers.google.com/oauthplayground/
  2. Click the Gear Icon in the upper right of the page.
    1. Click Use your own OAuth credentials checkbox
    2. Enter the OAuth Client ID and OAuth Client secret you are using in your OAuth Application Registry [oauth_entity]
    3. Click Close
  4. In Step 1 Select & authorize APIs, there is a input field to Input your own scopes. Fill this with the your OAuth Scope from the OAuth Entity Scopes related list on your Application Registry
  5. Click the Authorize APIs button.
  6. You are likely to get a popup with Error 400: redirect_uri_mismatchfind_real_file.png
    1. If this is the case, provide the link to your google administrator instructing them to "List the URL https://developers.google.com/oauthplayground as a valid redirect URI in your Google APIs Console's project."
  8. In the popups, click the account and Allow the access to the google account
  9. The OAuth Playground should now move you to Step 2  Exchange authorization code for tokens with the Authorization code filled in
  10. Click the Exchange authorization code for tokens button
  11. The Request / Response will populate in the right pane. Save this information! In here is your refresh_token.
  12. Now you can script a call to refresh your OAuth access token using tour refresh token
    1. //refresh_token received from previous steps
var refreshToken = "1/########################-########################-########################-########################";

//Application Registry NAME
var applicationRegistry = "Google";

// GlideOAuthClientRequest
var clientRequest = new sn_auth.GlideOAuthClientRequest();
clientRequest.setGrantType('refresh_token');
clientRequest.setRefreshToken(refreshToken);

// GlideOAuthClient
var client = new sn_auth.GlideOAuthClient();

// GlideOAuthClientResponse
var tokenResponse = client.requestTokenByRequest(applicationRegistry, clientRequest);

// GlideOAuthToken
var token = tokenResponse.getToken();
var expiresIn = token.getExpiresIn();
var accessToken = token.getAccessToken();
    2. Might be a good idea to store your refresh token in a system property
  14. Once you have things working, be sure to have your google administrator remove the redirect URI authorization to the playground. 

References:

Unable to refresh access token : response is “unauthorized_client”

How to Setup OAuth2 authentication for outbound RESTMessageV2 integrations

 

 

Preview file
30 KB
  • 10,717 Views
Comments
tmackay
Giga Contributor
‎08-19-2021 08:48 PM

Rather than hard-coding a refresh token, the built-in OAuth capability will take care of it. The problem is google won't return a refresh token unless it is explicitly requested by appending the query string "?access_type=offline" to the Authorization URL.

0 Helpfuls
Version history
Last update:
‎06-30-2020 01:55 PM
Updated by: