Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Multiple OAuth2 access tokens for single application?

Tags:

oauth

oauth-2.0

google-oauth

Maybe someone could clarify me, as I am not finding that clearly written in documentation...

I do have a single application, which is running on multiple machines. With OAuth2 I do have to obtain an Access Token in order to work with Google API. Do I need to use single Access Token across all my hosts and take care that it would be synchronized across them (which increases the complexity level, as once token expires - it must be refreshed and again distributed across all hosts), or it is possible that each host could get its own token and cache it locally?

I am not really sure either 2nd option is safe (though it would be easier to implement), as documentation writes that token can become invalid once it is refreshed. Could it happen, that while one host is creating its "own" token all other tokens (from other hosts) become automatically invalid?

like image 757
Laimoncijus Avatar asked Apr 18 '13 07:04

Laimoncijus

People also ask

Can you have multiple access tokens?

Access tokens are generated for an application, not a user, but yes, there can be multiple access tokens authorized by a single user - the user authorizes the application to perform some operations (scopes) on his behalf.

Can a user have multiple refresh tokens?

With OAuth2 a clientID will only have 1 active set of tokens (access+refresh).

How many times an access token can be used?

It depends... by default, each time you refresh token, it returns new access token and new refresh token. If you're talking about old refresh token, it only available one time. But from client side, there is no limitation, you can always refresh as soon as the refresh token is not expired.

Is access token one time use?

Once the token is used on a target device, it cannot be used again. You can generate as many client devices as you need to access the records associated to the application.

1 Answers

I assume your application is a web application deployed in a cluster, is that correct?

Is there session state distributed over the cluster? If so, add the access token to the session.

In theory you can have multiple access tokens, but don't rely on that. There are rate limits that you can run into, but if only occasionally a machine is getting multiple access tokens it is not an issue.

like image 170
mariuss Avatar answered Nov 02 '22 13:11

mariuss
Sign in to Comment

Related questions

Electron & ReactJS, Use BrowserWindow for GitHub oAuth authentication
OAuth token validation from HAProxy or Apache mod_proxy
Caching the access token on oauth or not?
Spring Boot OAuth2: How to retrieve user token info details
Facebook OAuth Login stopped working
How to extract public and private key from RSA JWK?
How to add a mobile access token in Angular 8 application?
How to fix "invalid return_url" error when creating oauth token for Trello with httr?
how to obtain a username from oauth key in twitter
How to process Oauth nonces on the server side?
Simple C# Evernote API OAuth example or guide?
using Facebook iOS SDK 2, how do I like a page? - "Application must be on whitelist"
Rails 3 and Facebook share
OAuth with Signpost and Apache Commons HTTP
Working with Facebook Authentication in a Development Environment
How to install oAuth if I cannot access the server?
Getting signature_invalid calling oauth/request_token for Etsy's API using RestSharp
Deleting cookie of the instagram authorization page in rails application
OAuth for Server to Server API Security
MVC 4 OAuth integration. What is next and how to get any information from data provider?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!