Menu
I'm developing an application wherein I need to access multiple google calendars. All these calendars come from different users. And right now I am using OAuth2 for the syncing. But as I understand it, I can only generate 25 refresh tokens per client ID.
Note: Save refresh tokens in secure long-term storage and continue to use them as long as they remain valid. Limits apply to the number of refresh tokens that are issued per client-user combination, and per user across all clients, and these limits are different. If your application requests enough refresh tokens to go over one of the limits, older refresh tokens stop working. As advised, I am keeping the refresh tokens in my DB. But my problem is, what if I get more clients who would want to sync their calendar? Is there any way to overlook the limit? Of course there isn't. What I have in mind right now is just to create more client IDs. Any advise?
629
If you're talking about old refresh token, it only available one time. But from client side, there is no limitation, you can always refresh as soon as the refresh token is not expired.
This is called the refresh token flow, or re-association flow. During this flow, the integrator tells Google when the payment token expires. Note: The token's minimum lifetime is one year.
Refresh tokens are approximately 500 characters long. We recommend that your application stack be made to handle tokens of at least 1000 characters to accommodate future expansion plans. This applies to access tokens as well as refresh tokens.
Refresh tokens do not expire, unless there are few special conditions : The user has removed your Google application. The refresh token has not been used for six months.
Its 50 per user (client-user) as in User of your Client. Not client_id. For each person that authenticates your application you can have them authenticate it up to 50 times. Each Refresh token you receive will work. After the 50th the first one will stop working. They will also work for up to 6 months I think, if it hasn't been used for 6 months it will be invalidated.
You can have as many people use your Client (client_id) as are willing to authenticate you. You wont have any problems.
From Google Oauth2 Documentation found here
Token expiration
You must write your code to anticipate the possibility that a granted token might no longer work. A token might stop working for one of these reasons:
• The user has revoked access.
• The token has not been used for six months.
• The user changed passwords and the token contains Gmail scopes.
• The user account has exceeded a certain number of token requests.
There is currently a limit of 50 refresh tokens per user account per client. If the limit is reached, creating a new token automatically invalidates the oldest token without warning. This limit does not apply to service accounts.
There is also a larger limit on the total number of tokens a user account or service account can have across all clients. Most normal users won't exceed this limit but a developer's test account might.
If you need to authorize multiple programs, machines, or devices, one workaround is to limit the number of clients that you authorize per user account to 15 or 20. If you are a Google Apps admin, you can create additional admin users and use them to authorize some of the clients.
Question: Where did you find this? I would like to report it to Google its a bit confusing
Note: Save refresh tokens in secure long-term storage and continue to use them as long as they remain valid. Limits apply to the number of refresh tokens that are issued per client-user combination, and per user across all clients, and these limits are different. If your application requests enough refresh tokens to go over one of the limits, older refresh tokens stop working.
120
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
