feat(oauth2): support access_type=offline to enable refresh tokens from google (#303)

elson · pi0 · commit 9553f5cbb749 · 2019-06-14T00:53:39.000+04:30
diff --git a/docs/schemes/oauth2.md b/docs/schemes/oauth2.md
@@ -20,6 +20,8 @@ auth: {
       authorization_endpoint: 'https://accounts.google.com/o/oauth2/auth',
       userinfo_endpoint: 'https://www.googleapis.com/oauth2/v3/userinfo',
       scope: ['openid', 'profile', 'email'],
+      access_type: undefined,
+      access_token_endpoint: undefined,
       response_type: 'token',
       token_type: 'Bearer',
       redirect_uri: undefined,
@@ -49,6 +51,14 @@ If a `false` value is set, we only do login without fetching user profile.
 
 By default is `token`. If you use `code` you may have to implement a server side logic to sign the response code.
 
+### `access_type`
+
+If using Google code authorization flow (`response_type: 'code'`) set to `offline` to ensure a refresh token is returned in the initial login request. (See [Google documentation](https://developers.google.com/identity/protocols/OpenIDConnect#refresh-tokens))
+
+### `access_token_endpoint`
+
+If using Google code authorization flow (`response_type: 'code'`) provide a URI for a service that accepts a POST request with JSON payload containing a `code` property, and returns tokens [exchanged by provider](https://developers.google.com/identity/protocols/OpenIDConnect#exchangecode) for `code`. See [source code](https://github.com/nuxt-community/auth-module/blob/dev/lib/schemes/oauth2.js)
+
 ### `token_type`
 
 By default is `Bearer`. It will be used in `Authorization` header of axios requests.
diff --git a/lib/schemes/oauth2.js b/lib/schemes/oauth2.js
@@ -68,6 +68,7 @@ export default class Oauth2Scheme {
     const opts = {
       protocol: 'oauth2',
       response_type: this.options.response_type,
+      access_type: this.options.access_type,
       client_id: this.options.client_id,
       redirect_uri: this._redirectURI,
       scope: this._scope,
