Google OAuth2 Refresh_token expires when Access_token does

Tags:

google-oauth

Update: the discussion has now moved to https://groups.google.com/forum/#!forum/oauth2-dev.

No matter how much reading I do, I can't get my head around how Google OAuth2 tokens work. Reading the docs and many other places suggests that a refresh_token doesn't expire, and is used once the access_token expires. See the official docs at https://developers.google.com/accounts/docs/OAuth2WebServer#refresh

However, in practice it appears to work as described by Paul (Unable to refresh token after expiration): the refresh token expires when the access token expires.

Can a Google Engineer please confirm what the correct behavior should be as this appears to be a case of behavior and documentation not matching.

It also makes the refresh token useless.

asked May 16 '13 by Tim White


People also ask

Does Google oauth2 refresh token expire?

A Google Cloud Platform project whose OAuth consent screen is configured for the external user type with a publishing status of "Testing" is issued refresh tokens that expire after 7 days. There is currently a limit of 100 refresh tokens per Google Account per OAuth 2.0 client ID; once that limit is reached, the oldest token is silently invalidated. Outside those cases a refresh token stays valid until the user revokes the app's access, the token has gone unused for six months, or the user changes their password while the token carries Gmail scopes.

How long does Google OAuth last?

Google-issued access tokens expire after 1 hour (the token response carries expires_in of 3600), so a long-running client has to refresh the access token within that window rather than treat it as permanent.

How do I know if my oauth2 access token is expired?

The OAuth 2.0 standard, RFC 6749, defines the expires_in field as the number of seconds to expiration: expires_in: RECOMMENDED. The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated.

How long do Google ID tokens last?

The "36000 seconds (10 hours)" default and the "Update ID Token Lifetime" setting quoted here come from Auth0's documentation, not Google's. A Google-issued ID token carries an exp claim roughly one hour after its iat, and that lifetime is not configurable by the application; verify exp (and the aud and iss claims) rather than caching the token's claims past it.


1 Answer

If you request access_type=offline when making the initial request to https://accounts.google.com/o/oauth2/auth then you'll get back a refresh token along with the access token. This is documented here.

The refresh token does not expire, until the user explicitly revokes access to it from the Account -> Security -> "Connected applications and sites" page.

The other post you linked to seems to be related to SoundCloud, which presumably does things a little differently.

answered Oct 31 '22 by Dean Harding
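The flow the answer describes, and the expires_in handling from the "How do I know if my oauth2 access token is expired?" note above, as an added example that is not code from the question, the answer, or Google's libraries. It builds the authorization URL with access_type=offline, then keeps a short-lived access token current by sending the long-lived refresh token to Google's token endpoint whenever the access token is about to expire, and distinguishes that routine expiry from invalid_grant, which means the refresh token itself is dead. The HTTP transport is injectable, and the FakeGoogleTokenEndpoint class, the token strings, the client ID and secret, and the 60-second refresh margin are all constructed for this example so it runs offline.

```python
"""Added example (not from the original question or answer): a minimal
Google OAuth 2.0 client that requests offline access, then reuses the
long-lived refresh token each time the one-hour access token expires."""
import json
import time
from urllib.parse import urlencode

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
# Refresh slightly before the deadline so an in-flight request does not
# arrive with a just-expired token (the margin is an arbitrary choice here).
REFRESH_MARGIN_SECONDS = 60


def build_auth_url(client_id, redirect_uri, scope, state):
    """Authorization URL. access_type=offline is what makes Google return a
    refresh_token on the code exchange; prompt=consent forces it to be
    re-issued for a user who already granted access, since otherwise only
    the first grant carries one."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,  # CSRF protection: verify it on the redirect back
        "access_type": "offline",
        "prompt": "consent",
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


class RevokedError(Exception):
    """Token endpoint answered invalid_grant: the refresh token itself is
    dead (user revoked access, token unused too long, ...). Re-authorize."""


class GoogleTokenClient:
    def __init__(self, client_id, client_secret, refresh_token, post, now=time.time):
        self.client_id = client_id
        self.client_secret = client_secret
        self.refresh_token = refresh_token
        self._post = post  # post(url, form_dict) -> (status_code, body_dict)
        self._now = now
        self.access_token = None
        self.expires_at = 0.0
        self.refresh_count = 0

    def _expired(self):
        return self.access_token is None or \
            self._now() >= self.expires_at - REFRESH_MARGIN_SECONDS

    def refresh(self):
        """Exchange the refresh token for a fresh access token."""
        status, body = self._post(TOKEN_ENDPOINT, {
            "grant_type": "refresh_token",
            "refresh_token": self.refresh_token,
            "client_id": self.client_id,
            "client_secret": self.client_secret,
        })
        if status != 200:
            if body.get("error") == "invalid_grant":
                raise RevokedError(body.get("error_description", "invalid_grant"))
            raise RuntimeError(f"token endpoint returned {status}: {body}")
        self.access_token = body["access_token"]
        # RFC 6749: expires_in is seconds from when the response was generated.
        self.expires_at = self._now() + int(body["expires_in"])
        # A refresh response normally omits refresh_token; keep the old one.
        if "refresh_token" in body:
            self.refresh_token = body["refresh_token"]
        self.refresh_count += 1
        return self.access_token

    def get_access_token(self):
        """Return a usable bearer token, refreshing only when needed."""
        if self._expired():
            self.refresh()
        return self.access_token


class FakeGoogleTokenEndpoint:
    """Constructed stand-in for Google's token endpoint: accepts one known
    refresh token, mints one-hour access tokens, and answers invalid_grant
    once that refresh token has been revoked."""
    def __init__(self, valid_refresh_token):
        self.valid_refresh_token = valid_refresh_token
        self.revoked = False
        self.issued = 0

    def post(self, url, form):
        if url != TOKEN_ENDPOINT or form.get("grant_type") != "refresh_token":
            return 400, {"error": "unsupported_grant_type"}
        if self.revoked or form.get("refresh_token") != self.valid_refresh_token:
            return 400, {"error": "invalid_grant",
                         "error_description": "Token has been expired or revoked."}
        self.issued += 1
        return 200, {"access_token": f"ya29.fake-{self.issued}",
                     "expires_in": 3600, "token_type": "Bearer"}


def demo():
    """Walk the client through caching, expiry, refresh and revocation."""
    clock = [1_000_000.0]  # controllable clock instead of time.time
    endpoint = FakeGoogleTokenEndpoint("1//fake-refresh-token")
    client = GoogleTokenClient("client-id", "client-secret", "1//fake-refresh-token",
                               endpoint.post, now=lambda: clock[0])
    first = client.get_access_token()    # first call: refresh token -> access token
    cached = client.get_access_token()   # still valid: same token, no network call
    clock[0] += 3600                     # one hour later the access token is dead
    after_expiry = client.get_access_token()  # same refresh token, new access token
    endpoint.revoked = True              # user revokes access in account settings
    clock[0] += 3600
    try:
        client.get_access_token()
        revoked_detected = False
    except RevokedError:
        revoked_detected = True
    return {"first": first, "cached": cached, "after_expiry": after_expiry,
            "refreshes": client.refresh_count, "revoked_detected": revoked_detected}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point the question turns on is visible in demo(): the same refresh token is presented twice, an hour apart, and only becomes unusable once the endpoint reports invalid_grant, which is the signal to send the user back through build_auth_url rather than retrying.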