Reputation: 35
1hr time limit on tokens used for server-server authentication
Tokens obtained via OAuth 2.0 for service accounts expire after 1 hour.
If an HTTP session is still open while the 1 hour limit is reached (presumably due to many upload/download actions), will the connection stay alive until the session is closed?
Thanks.
--Lee
Upvotes: 1
Views: 348
Answers (1)
Reputation: 77251
If you are using OAuth to authenticate users in your website, you probably are not even using the token after the initial exchange with the OAuth provider. Most frameworks will create a cookie based session, for how long this session is valid is up to your setup. Usually the default is to keep the session while the browser is open, but it is really under your control.
On the other side, if you are using OAuth to access some API (for example, if you are using the GMail API to check or send email from inside your web application), then yes, you will not be able to access the API after the token is expired, no matter how much activity was seen while the token was fresh. If you want to keep authorized you need something like a background process to keep renewing the tokens before they expire.
Upvotes: 1
Related Questions
- Google API refresh token limit
- How do I request a access token that expires longer than 3599 seconds?
- Increase access token time in GCP UI or via python API
- How to get tokens valid for longer than 24h
- GoogleAPI oauth2 refresh token expires in 1 hour
- Gmail auth token expires within an hour
- Google access token expiration time
- Google Oauth 2.0 Token Expire Time
- How to make Google sign-in token valid for longer than 1 hour?
- How can I get a bearer token that lasts for more than 30 minutes to use on BigQuery