Skip to content

Fix Google OAuth2 refresh token support #10732

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: 1.8.x
Choose a base branch
from
Draft

Fix Google OAuth2 refresh token support #10732

wants to merge 2 commits into from
+3 −1

Conversation

Copy link
Contributor

Copilot AI commented Oct 29, 2025
edited
Loading

Google OAuth2 sessions lose their access tokens after calling updateSession() because Google doesn't return refresh tokens by default.

Changes

  • src/Appwrite/Auth/OAuth2/Google.php: Added access_type=offline and prompt=consent parameters to authorization URL
return 'https://accounts.google.com/o/oauth2/v2/auth?' . \http_build_query([
    'client_id' => $this->appID,
    'redirect_uri' => $this->callback,
    'scope' => \implode(' ', $this->getScopes()),
    'state' => \json_encode($this->state),
    'response_type' => 'code',
    'access_type' => 'offline',      // Request refresh token
    'prompt' => 'consent'             // Force token refresh on each auth
]);

This aligns with Google's OAuth2 requirements and matches the pattern used by Microsoft's implementation (offline_access scope).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/Nevay/spi/zipball/e7078767866d0a9e0f91d3f9d42a832df5e39002
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/Seldaek/jsonlint/zipball/1748aaf847fc731cfad7725aec413ee46f0cc3a2
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/appwrite/php-clamav/zipball/f3897169f5c1f365312238a516ae9465f804634f
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/appwrite/runtimes/zipball/7bd0cc3cb97de625d7b07230bd91b121f88e72ae
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/appwrite/sdk-generator/zipball/b4a2fd9e92903c2e156f17fc5dafe102e6cfdfda
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/brick/math/zipball/113a8ee2656b882d4c3164fa31aa6e12cbb7aaa2
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/chillerlan/php-qrcode/zipball/345ed8e4ffb56e6b3fcd9f42e3970b9026fa6ce4
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/chillerlan/php-settings-container/zipball/95ed3e9676a1d47cab2e3174d19b43f5dbf52681
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/composer/semver/zipball/198166618906cb2de69b95d7d47e5fa8aa1b2b95
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/0afa95ea74be155a7bcd6c6fb60c276c39984500
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/doctrine/annotations/zipball/901c2ee5d26eb64ff43c47976e114bf00843acf7
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/doctrine/lexer/zipball/31ad66abc0fc9e1a1f2d9bc6a42668d2fbbcd6dd
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/dragonmantank/cron-expression/zipball/8c784d071debd117328803d86b2097615b457500
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/laravel/pint/zipball/5016e263f95d97670d71b9a987bd8996ade6d8d9
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/matomo-org/device-detector/zipball/e53eed31bb1530851feebe52bd64c3451da19e77
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/matthiasmullie/minify/zipball/76ba4a5f555fd7bf4aa408af608e991569076671
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/matthiasmullie/path-converter/zipball/e7d13b2c7e2f2268e1424aaed02085518afa02d9
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/mustangostang/spyc/zipball/4627c838b16550b666d15aeae1e5289dd5b77da0
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/paragonie/constant_time_encoding/zipball/e30811f7bc69e4b5b6d5783e712c06c8eabf0226
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/php-fig/cache/zipball/aa5030cfa5405eccfdcb1083ce040c2cb8d253bf
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/php-fig/container/zipball/c71ecc56dfe541dbd90c5360474fbc405f8d5963
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/php-http/discovery/zipball/82fe4c73ef3363caed49ff8dd1539ba06044910d
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/phpbench/container/zipball/a59b929e00b87b532ca6d0edd8eca0967655af33
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/phpbench/phpbench/zipball/bb61ae6c54b3d58642be154eb09f4e73c3511018
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/phpseclib/phpseclib/zipball/9d6ca36a6c2dd434765b1071b2644a1c683b385d
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/phpstan/phpstan/zipball/46e223dd68a620da18855c23046ddb00940b4014
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/539c6691e0623af6dc6f9c20384c120f963465a0
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/05d5692a7993ecccd56a03e40cd7e5b09b1d404e
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/sebastianbergmann/type/zipball/75e2c2a32f5e0b3aef905b9ed0b179b953b3d7c7
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/sebastianbergmann/version/zipball/c6c1022351a901512170118436c764e473f6de8c
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/symfony/console/zipball/cdb80fa5869653c83cfe1a9084a673b6daf57ea7
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/symfony/deprecation-contracts/zipball/63afe740e99a13ba87ec199bb07bbdee937a5b62
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/symfony/filesystem/zipball/edcbb768a186b5c3f25d0643159a787d3e63b7fd
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/symfony/finder/zipball/9f696d2f1e340484b4683f7853b273abff94421f
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/symfony/options-resolver/zipball/0ff2f5c3df08a395232bbc3c2eb7e84912df911d
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/symfony/polyfill-ctype/zipball/a3cc8b044a6ea513310cbd48ef7333b384945638
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/380872130d3a5dd3ace2f4010d95125fde5d5c70
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/3833d7255cc303546435cb650316bff708a1c75c
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/symfony/polyfill-mbstring/zipball/6d857f4d76bd4b343eac26d6b539585d2bc56493
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/symfony/polyfill-php81/zipball/4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/symfony/process/zipball/f24f8f316367b30810810d4eb30c543d7003ff3b
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/symfony/service-contracts/zipball/f021b05a130d35510bd6b25fe9053c2a8a15d5d4
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/symfony/string/zipball/f96476035142921000338bad71e5247fbc138872
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/thephpleague/csv/zipball/e0221a3f16aa2a823047d59fab5809d552e29bc8
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/twigphp/Twig/zipball/0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/utopia-php/system/zipball/8e4a7edaf2dfeb4c9524e9f766d27754f2c4b64d
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/webmozarts/assert/zipball/541057574806f942c94662b817a50f63f7345360
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)
  • https://api.github.com/repos/webmozarts/glob/zipball/8a2842112d6916e61e0e15e316465b611f3abc17
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/LLgN2q /usr/bin/composer install --no-interaction --ignore-platform-reqs (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>🐛 Bug Report: Google Access Token disappears after calling "updateSession"</issue_title>
<issue_description>### 👟 Reproduction steps

  • Log in successfully using Google OAuth (account.createOAuth2Session('google', xxx, xxx, [scope]))
  • Call account.getSession('current')
    • providerAccessToken is populated and can be used to call Google APIs
    • providerRefreshToken is empty, but this is expected as we do not want this to be visible to the client
  • Call account.updateSession('current')
  • Call account.getSession('current')
    • providerAccessToken is empty
    • providerRefreshToken is empty

👍 Expected behavior

Calling account.updateSession('current') is explained in the docs (https://appwrite.io/docs/client/account?sdk=web-default#accountUpdateSession) as a method to refresh access tokens. I assume this is supposed to use a refreshToken to achieve this serverside, which is the recommended safe way of doing this.

👎 Actual Behavior

Refreshing the access token does not work, and instead leaves the current session empty.
Looking at the clues, are we missing the refreshToken?

🎲 Appwrite version

Version 1.3.x

💻 Operating system

Linux

🧱 Your Environment

Self-hosted 1.3.X on an AWS EC2 instance.

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

Comments on the Issue (you are @copilot in this section)

@stnguyen90 I think the underlying issue is the default scopes don't grant access to the refresh token:

appwrite/src/Appwrite/Auth/OAuth2/Google.php

Line 25 in 5a715ff

'openid'

Or it's missing params: https://stackoverflow.com/questions/10827920/not-receiving-google-oauth-refresh-token</comment_new>
<comment_new>@stnguyen90
@nick2432, are you still interested in working on this?</comment_new>

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 29, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@stnguyen90
Add access_type=offline and prompt=consent to Google OAuth2 login URL…
627adb4 
… to enable refresh tokens

Co-authored-by: stnguyen90 <1477010+stnguyen90@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix bug where Google access token disappears after updateSession Fix Google OAuth2 refresh token support Oct 29, 2025
Copilot AI requested a review from stnguyen90 October 29, 2025 23:15
Copilot finished work on behalf of stnguyen90 October 29, 2025 23:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stnguyen90 stnguyen90 Awaiting requested review from stnguyen90

At least 1 approving review is required to merge this pull request.

Assignees

@stnguyen90 stnguyen90

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stnguyen90