Google Refresh Tokens Lifetime




I've been searching around but have been seeing many conflicting answers. Is it correct that refresh tokens from Google never expire based off of time? Basically I am writing a service that'll poll my own account, and so I won't run into the errors of:



1. The user revoking access to the service (Since I'm the user)

2. The token hasn't been used for six months (I'm going to be polling and calling the Gmail API every day)

3. The user account has exceeded a certain number of token requests. There is currently a 25-token limit per Google user account. (I'm not sure what this means but I think I'll only have 1 token active if someone could explain this)




1 Answer



You are right, refresh tokens never expire based off of time. Points 1 and 2 are correct: if you don't revoke access to the application and you use it daily, you won't run into those problems.



About the third one, the limit has changed to 50 refresh tokens per user and it means you cannot have more than 50 active refresh tokens for a user. You can generate new ones, but the oldest refresh tokens will get revoked. Keep this in mind in case you generate new refresh tokens.



There is also another scenario where the refresh token could be revoked, if you change your password. You will need to handle this problem and update your refresh token.



You can find more information on this link: https://developers.google.com/identity/protocols/OAuth2#expiration





I'm confused what it means to generate new refresh tokens vs refreshing new access tokens? In what scenario would we generate a new refresh token?
– developer
Aug 8 at 18:05





There could be some scenarios where you will need more than 1 refresh token stored. Imagine if you have different services in the same application and those services have different scopes, you could have different refresh tokens for each service to generate access tokens with the scopes that you need. Another scenario could be if you include new scopes in your application, users will need to accept permissions again and this will generate a new refresh token with all scopes requested. In the last case, you will need to delete the old refresh token and use the new one.
– Rubén López
Aug 9 at 7:50
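The answer above says a polling service has to handle a revoked refresh token. The following is an added example, not code from the question or the answer: a refresh call that separates a rejected refresh token (`invalid_grant`, per RFC 6749 section 5.2) from transient failures, so the service stops retrying and asks for new consent. The function and class names and the sample replies are constructed for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://oauth2.googleapis.com/token"  # Google OAuth 2.0 token endpoint
# Constructed sample replies, used to exercise the logic offline.
SAMPLE_OK = '{"access_token": "constructed-access-token", "expires_in": 3599}'
SAMPLE_REVOKED = '{"error": "invalid_grant", "error_description": "Token has been expired or revoked."}'

class RefreshTokenRevoked(Exception):
    """Stored refresh token was rejected; a new consent flow is required."""

def http_post(url, fields):
    """POST form fields; return (status, body) even for HTTP error replies."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

def classify(status, body):
    """Return ('ok', reply_dict), ('revoked', reason) or ('retry', reason)."""
    try:
        data = json.loads(body)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        return "retry", "unexpected reply (HTTP %d)" % status
    if status == 200 and "access_token" in data:
        return "ok", data
    if data.get("error") == "invalid_grant":
        return "revoked", data.get("error_description", "")
    return "retry", str(data.get("error", "HTTP %d" % status))

def refresh_access_token(client_id, client_secret, refresh_token, post=http_post):
    """Exchange the refresh token for an access token; raise if it was revoked."""
    fields = {"grant_type": "refresh_token", "refresh_token": refresh_token,
              "client_id": client_id, "client_secret": client_secret}
    outcome, detail = classify(*post(TOKEN_URL, fields))
    if outcome == "revoked":
        # Retrying cannot fix this; never put the token itself in the message.
        raise RefreshTokenRevoked(detail)
    if outcome == "retry":
        raise RuntimeError("token endpoint failure: " + detail)
    return detail["access_token"], detail.get("expires_in")
```

On `RefreshTokenRevoked` the service should stop polling, alert the owner, and replace the stored refresh token after a fresh consent flow.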






