I'm unable to find the refresh token in the HTTP response I received.
Follow the below steps to generate refresh tokens if you find it is missing in the HTTP response:
- To generate a refresh token for the first time, include access_type=offline in /oauth/v2/auth to get refresh token along with the access token as a response for /oauth/v2/token.
- To receive another refresh token, include access_type=offline and prompt=consent in your authorization request. Adding prompt=consent along with access_type=offline, will prompt the user to provide their consent whenever the app tries to access their details thereby creating refresh tokens repeatedly.
As refresh tokens have infinite lifetime, we recommend you to not follow the second step. Once created the refresh tokens will never expire unless you or the application delete them.
For detailed information, please refer to our OAuth documentation