This documentation <https://developers.google.com/identity/protocols/oauth2/web-server#offline> about refreshing an access token (offline access) using Google's authorization server could be helpful.
On Monday, August 31, 2020 at 8:26:25 AM UTC-4 [email protected] wrote: > I am using IAP to protect a Web API Application. I have enabled a service > account to get access to the APIs through an id_token. I am able to obtain > an id_token (JWT) by signing a JWT (using the keys of my service account) > with the following assertions > { > "iss": "xx.iam.gserviceaccount.com", > "sub": "xx.iam.gserviceaccount.com", > "aud": "https://oauth2.googleapis.com/token";, > "target_audience": "my_application_client_id", > "iat": 1598702078, > "exp": 1598705593 > } > > and then Posting to the token service as follows > curl --location --request POST 'https://oauth2.googleapis.com/token' \ > --header 'Content-Type: application/x-www-form-urlencoded' \ > --data-urlencode 'assertion=<JWT obtained at the previous step>’ > --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' > \ > --data-urlencode 'scope=openid’ > > Now I would like to also obtain a refresh_token and has been impossible. I > have tried with *scope=openid offline_access* but no luck. Is > *offline_access* implemented in the Google Auth Server? Any other > mechanism to obtain a refresh_token? > > Thank you very much > > *IOTA Foundation* > c/o Nextland > Strassburgerstraße 55 > 10405 Berlin, Germany > > Board of Directors: Dominik Schiener, David Sønstebø, Serguei Popov, Navin > Ramachandran > ID/Foundation No.: 3416/1234/2 (Foundation Register of Berlin) > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/9687fedb-925a-42ef-9c26-439febdf168fn%40googlegroups.com.
