diff --git a/.gemini/GEMINI.md b/.gemini/GEMINI.md
new file mode 100644
index 00000000..0f175c59
--- /dev/null
+++ b/.gemini/GEMINI.md
@@ -0,0 +1,12 @@
+# Overview
+
+This codebase is part of the Google Workspace GitHub organization, https://github.com/googleworkspace.
+
+## Style Guide
+
+Use open source best practices for code style and formatting with a preference for Google's style guides.
+
+## Tools
+
+- Verify against Google Workspace documentation with the `workspace-developer` MCP server tools.
+- Use `gh` for GitHub interactions.
diff --git a/.gemini/config.yaml b/.gemini/config.yaml
new file mode 100644
index 00000000..a4814a5f
--- /dev/null
+++ b/.gemini/config.yaml
@@ -0,0 +1,12 @@
+# Config for the Gemini Pull Request Review Bot.
+# https://github.com/marketplace/gemini-code-assist
+have_fun: false
+code_review:
+  disable: false
+  comment_severity_threshold: "HIGH"
+  max_review_comments: -1
+  pull_request_opened:
+    help: false
+    summary: true
+    code_review: true
+ignore_patterns: []
diff --git a/.gemini/settings.json b/.gemini/settings.json
new file mode 100644
index 00000000..ec3565d5
--- /dev/null
+++ b/.gemini/settings.json
@@ -0,0 +1,8 @@
+{
+    "mcpServers": {
+        "workspace-developer": {
+            "httpUrl": "https://workspace-developer.goog/mcp",
+            "trust": true
+        }
+    }
+}
\ No newline at end of file
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
new file mode 100644
index 00000000..4a9deaa4
--- /dev/null
+++ b/.vscode/extensions.json
@@ -0,0 +1,5 @@
+{
+    "recommendations": [
+        "google-workspace.google-workspace-developer-tools"
+    ]
+}
\ No newline at end of file
diff --git a/dist/OAuth2.gs b/dist/OAuth2.gs
index adf3bb84..ce97757c 100644
--- a/dist/OAuth2.gs
+++ b/dist/OAuth2.gs
@@ -759,7 +759,6 @@ Service_.prototype.ensureExpiresAtSet_ = function(token) {
 Service_.prototype.refresh = function() {
   validate_({
     'Client ID': this.clientId_,
-    'Client Secret': this.clientSecret_,
     'Token URL': this.tokenUrl_
   });
 
diff --git a/src/Service.js b/src/Service.js
index 68bd3e7f..e7527fe1 100644
--- a/src/Service.js
+++ b/src/Service.js
@@ -666,7 +666,6 @@ Service_.prototype.ensureExpiresAtSet_ = function(token) {
 Service_.prototype.refresh = function() {
   validate_({
     'Client ID': this.clientId_,
-    'Client Secret': this.clientSecret_,
     'Token URL': this.tokenUrl_
   });
 
diff --git a/test/test.js b/test/test.js
index 1e8317f7..fe7aca71 100644
--- a/test/test.js
+++ b/test/test.js
@@ -387,6 +387,35 @@ describe('Service', () => {
       done();
     });
 
+    it('should refresh token granted for PKCE', () => {
+      const NOW_SECONDS = OAuth2.getTimeInSeconds_(new Date());
+      const ONE_HOUR_AGO_SECONDS = NOW_SECONDS - 360;
+      var token = {
+        granted_time: ONE_HOUR_AGO_SECONDS,
+        expires_in: 100,
+        refresh_token: 'bar',
+        refresh_token_expires_in: 720
+      };
+      var properties = new MockProperties({
+        'oauth2.test': JSON.stringify(token)
+      });
+
+      mocks.UrlFetchApp.resultFunction = () => JSON.stringify({
+        access_token: Math.random().toString(36)
+      });
+
+      OAuth2.createService('test')
+          .setClientId('test')
+          .setTokenUrl('http://www.example.com/')
+          .setPropertyStore(properties)
+          .generateCodeVerifier()
+          .refresh();
+
+      var storedToken = JSON.parse(properties.getProperty('oauth2.test'));
+      assert.equal(storedToken.refresh_token, 'bar');
+      assert.equal(storedToken.refreshTokenExpiresAt, NOW_SECONDS + 360);
+    });
+
     it('should retain refresh expiry', () => {
       const NOW_SECONDS = OAuth2.getTimeInSeconds_(new Date());
       const ONE_HOUR_AGO_SECONDS = NOW_SECONDS - 360;