You only get a refresh token if access_type=offline is set. You have two choices of how to handle this:
Don't use
access_type=offline
. Your access token will be good for 1 hour. After the access token expires, re-prompt the user to authenticate again. They'll need to do the whole OAuth dance again so that you can get a new access token.Use
access_type=offline
so that you can get a new access tokens via the refresh token. If you prefer, after the user logs out, you can revoke the tokens.