Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Google access token expiration time

Tags:

oauth-2.0

People also ask

Do Google access tokens expire?

Google handles the user authentication, session selection, and user consent. The result is an access token, which the client should validate before including it in a Google API request. When the token expires, the application repeats the process.

How long are access tokens valid for?

By default, access tokens are valid for 60 days and programmatic refresh tokens are valid for a year. The member must reauthorize your application when refresh tokens expire.

How long is Google Auth code valid?

a code generated remained valid even after 150 secs (duration in which five more codes were generated). but once i have used it it becomes invalid. Why Its So?

The spec says seconds:

https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-22#section-4.2.2

expires_in
    OPTIONAL.  The lifetime in seconds of the access token.  For
    example, the value "3600" denotes that the access token will
    expire in one hour from the time the response was generated.

I agree with OP that it's careless for Google to not document this.


Have a look at: https://developers.google.com/accounts/docs/OAuth2UserAgent#handlingtheresponse

It says:

Other parameters included in the response include expires_in and token_type. These parameters describe the lifetime of the token in seconds...


Since there is no accepted answer I will try to answer this one:

[s] - seconds

From Google OAuth2.0 for Client documentation,

  • expires_in -- The number of seconds left before the token becomes invalid.

Related questions

Using Postman to access OAuth 2.0 Google APIs
Restrict Login Email with Google OAuth2.0 to Specific Domain Name
Difference between OAuth 2.0 "state" and OpenID "nonce" parameter? Why state could not be reused?
How to Logout of an Application Where I Used OAuth2 To Login With Google?
How to refresh token with Google API client?
How can I revoke a JWT token?
OAuth 2.0 Authorization Header
client secret in OAuth 2.0
What's the right OAuth 2.0 flow for a mobile app
OAuth Authorization vs Authentication
PG undefinedtable error relation users does not exist
What is intent of ID Token expiry time in OpenID Connect?
Correct way to set Bearer token with CURL
Error :Request header field Content-Type is not allowed by Access-Control-Allow-Headers
Is there any JSON Web Token (JWT) example in C#?
Where can I find a list of scopes for Google's OAuth 2.0 API? [closed]
How to implement oauth2 server in ASP.NET MVC 5 and WEB API 2 [closed]
JWT (Json Web Token) Audience "aud" versus Client_Id - What's the difference?
What are Bearer Tokens and token_type in OAuth 2?
How to obtain Signing certificate fingerprint (SHA1) for OAuth 2.0 on Android?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!