Reputation: 13
How do I Invalidate refresh token for google after changing google password?
I have written a script for refreshing access token in nodejs. But I am facing an issue, If I change my google password then also I can generate new access token using refresh token. Is there any way I can get some kind of flag saying this user has changed the password. In NODEJS.
I just need flow, no need of code. I can code myself.
Thanks, Ajinkya
Upvotes: 1
Views: 604
Answers (1)
Reputation: 117176
No.
The whole point of Open authentication is that you the user are granting an application access to your data. This is independent of your login and password.
The only way for an application to loose access is if the user revokes said access. Changing the password will not effect access.
No, there is no way of asking Google when the user last changed their password.
How to revoke a refresh token:
Upvotes: 1
Related Questions
- Where to store the refresh token on the Client?
- How can I verify a Google authentication API access token?
- What is the purpose of the implicit grant authorization type in OAuth 2?
- What is the difference between the OAuth Authorization Code and Implicit workflows? When to use each one?
- Refresh Token Jsonwebtoken
- Google token refresh returns "Token has been expired or revoked."
- Android: How to get Refresh Token by Google Sign-In API?
- Google API - listen for expired token with library
- How to get a new Google oauth access token from refresh token in passportjs
- Can not get refresh token for google drive (google API v2)