Reputation: 34170
access_type=online vs offline, how to know which one to use
I have implemented Google oauth2 server flow for web, the first time that user logins using his/her google account I have to use access_type=offline to get a refresh token and save it to database but after that access_type=online will be enough.
I have read that google issues limited number of refresh tokens per client (I think the limit is 25 from what I read while I was searching) so after I got the refresh token I just want to use access_type=online.
But before the user logs in how should I know if I have the account associated refresh token or not.
I don't want to rely on cookies as user may remove cookies, several people use the browser and cookie might not equal to the user I have its acount and ...
Any Ideas how to detect it with google oauth or something like that before showing the login button?
Upvotes: 0
Views: 758
Answers (1)
Reputation: 53998
You can just continue to use access_type=offline. It just won't give you a new refresh token after the first time. This will work until the user revokes access for your client in which case you'll have to get a new one anyway.
Upvotes: 2
Related Questions
- When is access_type = Online appropriate? :OAuth2 - Google API
- What does "offline" access in OAuth mean?
- How to request offline_access from Google using .AddOpenIdConnect() in ASP.NET Core?
- "This app would like to: Have offline access" when access_type=online
- How to set AccessType as offline in Google.Apis.Core 1.9 in C#
- Adding Google API Offline access to a .NET Core app
- Always "Have Offline Access" | Google OAuth 2
- The App keeps asking for permission to "Have offline access", why?
- GoogleOAuth2AuthenticationOptions setting access_type as offline
- Google Oauth implementation on application login every time asking for permission to “Have offline access”, why?