From e2dd6e89156bbd3b0a1f2b408354f3a649ffb1ff Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Tue, 30 Dec 2025 10:04:01 -0500
Subject: [PATCH] Specify `oauth2.ApprovalForce` to get a refresh token

---
 cmd/mailbox-shuffler/oauth.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cmd/mailbox-shuffler/oauth.go b/cmd/mailbox-shuffler/oauth.go
index a9314d6..9e774de 100644
--- a/cmd/mailbox-shuffler/oauth.go
+++ b/cmd/mailbox-shuffler/oauth.go
@@ -129,7 +129,9 @@ func (s *oauthServer) GetTokenForUser(ctx context.Context, userID string) <-chan
 		codeCh := make(chan string)
 		s.tokenReqs[nonce] = codeCh
 
-		url := s.o2c.AuthCodeURL(nonce, oauth2.AccessTypeOffline)
+		// `ApprovalForce` is needed in combination with `AccessTypeOffline` in order
+		// to get a refresh token.
+		url := s.o2c.AuthCodeURL(nonce, oauth2.AccessTypeOffline, oauth2.ApprovalForce)
 		s.log.Info("Requesting authorization", zap.String("nonce", nonce), zap.String("url", url))
 
 		// Drop the lock until the code is received.
-- 
2.43.5