1

How can I get a Refresh Token from GCP?

I already got the Client ID and Client Secret from OAuth Client ID, but I can't find any Refresh Token from the credentials?

MADFROST
  • 1,043
  • 2
  • 11
  • 29
  • What is the question and problem? – John Hanley Nov 26 '21 at 03:04
  • @JohnHanley Hi John! where can I get the refresh token from GCP? Because I need it to connect a linked service from Azure Data Factory, and It needs Client ID, Client Secret, and Refresh Token. I have done with Client ID, and Client Secret, but where is the Refresh Token ? – MADFROST Nov 26 '21 at 03:08
  • The answer from @JakeNelson is very good. The Refresh Token is associated with the identity that authenticated and is not part of the client secret credentials. Remember to save it as you will not get it again (usually). For Azure, first you authenticate with Google OAuth which will return the Refresh Token. The ID, Secret, and Refresh allow Azure to recreate Access Tokens on demand. – John Hanley Nov 26 '21 at 03:31
  • Google has the OAuth Playground which will allow you to create OAuth tokens. https://developers.google.com/oauthplayground/ – John Hanley Nov 26 '21 at 03:35
  • @RudyTriSaputra, Please consider accepting an answer if one has been helpful. See [how does accepting an answer work](https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work) for info. – Jake Nelson Dec 22 '21 at 13:43

1 Answers1

3

Google provides a lot of docs around different methods of authentication including refresh tokens but this document is probably most helpful.

Basically, once the user authorises you, in the response you get an authorization code which can be exchanged for an access token and refresh token by making a call to https://oauth2.googleapis.com/token like:

POST /token HTTP/1.1
Host: oauth2.googleapis.com
Content-Type: application/x-www-form-urlencoded

code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&
client_id=your_client_id&
client_secret=your_client_secret&
redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob%3Aauto&
grant_type=authorization_code

Response:

{
  "access_token": "1/fFAGRNJru1FTz70BzhT3Zg",
  "expires_in": 3920,
  "token_type": "Bearer",
  "scope": "https://www.googleapis.com/auth/drive.metadata.readonly",
  "refresh_token": "1//xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI"
}

Oauth on GCP is covered in depth here.

Jake Nelson
  • 1,748
  • 13
  • 22