How can I get a refresh-token from Google OAUTH in ASP.Net Core 5 Identity?

Question

How do you get a refresh-token from Google in ASP.Net Core Identity 5?

I am able to get an access-token, but not a refresh-token.

Startup.cs, ConfigureServices

...
services.AddAuthentication()
    .AddGoogle(options =>
    {
        IConfigurationSection googleAuthNSection = Configuration.GetSection("Authentication:Google");

        options.ClientId = googleAuthNSection["ClientId"];
        options.ClientSecret = googleAuthNSection["ClientSecret"];

        options.Scope.Add("https://www.googleapis.com/auth/userinfo.email");
        options.Scope.Add("https://www.googleapis.com/auth/userinfo.profile");
        options.Scope.Add("https://www.googleapis.com/auth/calendar");

        //this should enable a refresh-token, or so I believe
        options.AccessType = "offline"; 

        options.SaveTokens = true;

        options.Events.OnCreatingTicket = ctx =>
        {
            List<AuthenticationToken> tokens = ctx.Properties.GetTokens().ToList();

            tokens.Add(new AuthenticationToken()
            {
                Name = "TicketCreated",
                Value = DateTime.UtcNow.ToString()
            });

            ctx.Properties.StoreTokens(tokens);

            return Task.CompletedTask;
        };
    });

When I sign up with a google account and the code hits "OnCreatingTicket", I get an access token - but no refresh-token...:

Question

What am I missing to get a refresh-token back here?

Answer 1

I might be a bit late to this, but found out that you can put this line in the options to force the refresh token. (Its a bit of a hack mind you)

  options.AuthorizationEndpoint += "?prompt=consent";