Reputation: 675
Google OAuth's access token's expiry timezone
I recently switched to the Google+ Sign in OAuth2 hybrid approach.
When the request code is exchanged for the access token, the expiry time and created time is sent back along with the access token in seconds.
I need to know the sent timezone is. I need this to make comparison with my server's time and be able to deduce if access token has actually expired.
What's the timezone or how do I determine it?
Upvotes: 0
Views: 2180
Answers (2)
Reputation: 50701
The token bundle sent back does not include an actual expiration time, but it does contain the number of seconds for the expected life of the token. If a time is being attached to it, it is being attached by the local library.
That said - you can't necessarily trust this number. There are a number of reasons why the token may have been revoked or is treated as no longer valid. So while you can use it as an estimate of when you'll need to get a new one - you should also handle the case where you use a token and you get an authentication error, forcing you to refresh the token and try again.
Upvotes: 2
Reputation: 675
My bad.
I just went through the Google PHP APi client library. Only to realize the created field was set within the library (on my server) in Google_Auth_OAuth2's authenticate method.
So it is safe to use $client->isAccessTokenExpired() instead to try to do one's computation. Works with local time (I guess :))
Thank you.
Upvotes: 0
Related Questions
- Why do access tokens expire?
- OAuth v2 (Google API) expiry Access Token
- OAuth2 and Google API: access token expiration time?
- Google access token expiration time
- Google Oauth 2.0 Token Expire Time
- When will a google oauth2 refresh token expired?
- Google oAuth "expiry_date" format
- Does OAuth 2.0 refresh token expires at all?
- How does time zone relate to access token expiration?
- Google auth2 API has missing timezone info?