5

I implemented Google and Dropbox authentication in my NestJS app within two distinct strategies.

The issue is that I never get a refresh_token along with the access_token. I already tried to remove the app from the already granted apps in my Google/Dropbox account but with no success.

import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { Strategy } from 'passport-google-oauth2';
import { AuthService } from './auth.service';
import { OauthUser } from './oauth-user.entity';
import { UserService } from '../user/user.service';
import { ConfigService } from '../config/config.service';
import { CloudProvider } from '../shared/enums/cloud-service.enum';

@Injectable()
export class GoogleStrategy extends PassportStrategy(Strategy, 'google') {

  constructor(private readonly authService: AuthService,
              private readonly userService: UserService,
              private readonly configService: ConfigService) {
    super({
      clientID: configService.get('OAUTH_GOOGLE_ID'),
      clientSecret: configService.get('OAUTH_GOOGLE_SECRET'),
      callbackURL: configService.get('OAUTH_GOOGLE_CALLBACK'),
      passReqToCallback: true,
      scope: ['email', 'profile', 'https://www.googleapis.com/auth/drive.file'],
      accessType: 'offline',
      prompt: 'consent',
      session: false,
    });
  }

  async validate(request: any, accessToken: string, refreshToken: string, oauthUser: OauthUser) {
    console.log('accessToken', accessToken) // <- this one is good
    console.log('refreshtoken', refreshToken) // <- always undefined
    oauthUser.provider = CloudProvider.GOOGLE;
    return this.userService.getOrCreate(oauthUser, accessToken).then(() => {
      return this.authService.getJwtForUser(oauthUser).then(jwt => {
        return { jwt };
      });
    });
  }

}
Flobesst
  • 1,281
  • 1
  • 16
  • 26
  • 1
    I can't speak to the Google API, but note that the Dropbox API does not currently use refresh tokens. – Greg May 20 '19 at 21:48

1 Answers1

6
import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { Strategy, VerifyCallback } from 'passport-google-oauth20';

import { IUserProfile } from './interfaces/user.interface';

@Injectable()
export class GoogleStrategy extends PassportStrategy(Strategy) {
  constructor() {
    super({
      clientID: process.env.GOOGLE_CLIENT_ID,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
      callbackURL: process.env.GOOGLE_CB_URL,
      scope: ['email', 'profile'],
    });
  }

  authorizationParams(): { [key: string]: string; } {
    return ({
      access_type: 'offline'
    });
  };

  async validate(
    accessToken: string,
    refreshToken: string,
    profile: IUserProfile,
    done: VerifyCallback,
  ): Promise<void> {
    const { emails } = profile;
    console.log(accessToken, refreshToken);
    done(null, {email: emails[0].value, accessToken});
  }
}
Данил Дубовик
  • 61
  • 1
  • 2
  • 1
    krasava, sps))) – asus Dec 04 '20 at 07:17
  • This was not worked for me, but it started working after I've added additional property - prompt: 'consent' to authorizationParams's return object. See https://github.com/jaredhanson/passport-google-oauth/issues/115#issuecomment-219686602 – Максим Пешков Dec 27 '20 at 20:11
  • Initially I put that config option in constructor, and come to know that there is authorizationParams() method. And then I tried { accessType: 'offline' } automatically in node nest.js code, but it should be snake case like the above answer { access_type: 'offline' }. – tkhwang Aug 14 '21 at 06:22
  • Worked like a charm ! – Ravi Bhanushali Aug 28 '23 at 20:08