2

I am using oAuth2Client to access a user's Google Analytics property. Their refresh token is saved for future use. However, because the user could add multiple properties, I need to assign the refresh token to the user's Google account, not the GA Property. It looks like I should be able to identify Google accounts by their 'sub' string. This should be accessible within either the token_id or the credentials. I have tried both - token_id is not returned within the tokens object and credentials returns empty. Here is what I have tried:

import { google } from 'googleapis';
...
//POST token request to Google using received code
const oAuth2Client = new google.auth.OAuth2(client_id, client_secret, redirect_uri);
const tokenRes = await oAuth2Client.getToken(code);

console.log(JSON.stringify(oAuth2Client.credentials));//{}
console.log(JSON.stringify(tokenRes.tokens));//{'access_token':'abc123', 'refresh_token':'1//abc123', etcButNoIdToken}
Improve this question

1 Answer 1

Reset to default
1

The google analytics scopes dont give you any profile information.

Your should request the profile scope along with your request then you will be able to identify the current authorized user.

Tip: id tokens come from the sign-in or authencation. Not not the Oauth2 consent or authorization.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you! Added the userinfo.profile scope and now id_token has the sub value. getTokenInfo has the sub value now too.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.