Forwarded Query Parameters on Google Identity Provider?

I’m trying to get the refresh token from Google OAuth. By default, query string ‘acces_type’ is set to 'online.
I have already tried to add it like a custom scope, but google doesn’t support it
Also, I have made it to work by making a new custom provider, setting all the properties of google manually and setting a “Forwarded Query Parameters” with access_type, instead of using the one provided by Keycloak. My problem is that my appllication is currently productive and I prefer not to change the provider completely

So… Is there a way to add custom query parameters to the identity provider page from the google solution provided by keycloak?


It’s a little unique, it’s not the “offline” scope in your standard oauth scopes. It’s a custom querystring param.

There’s a “Request refresh token” toggle on the google provider that actually determines this behavior. The tooltip says the following

Set ‘access_type’ query parameter to ‘offline’ when redirecting to google authorization endpoint, to get a refresh token back. Useful if planning to use Token Exchange to retrieve Google token to access Google APIs when the user is not at the browser.