The refresh_token is only provided on the first authorization from the user. Subsequent authorizations, such as the kind you make while testing an OAuth2 integration, will not return the refresh_token again. 🙂
- Go to the page showing Apps with access to your account:
https://myaccount.google.com/u/0/permissions. - Under the Third-party apps menu, choose your app.
- Click Remove access and then click Ok to confirm
- The next OAuth2 request you make will return a
refresh_token(providing that it also includes the ‘access_type=offline’ query parameter.
Alternatively, you can add the query parameters prompt=consent&access_type=offline to the OAuth redirect (see Google’s OAuth 2.0 for Web Server Applications page).
This will prompt the user to authorize the application again and will always return a refresh_token.