Reputation: 45
Google Refresh Tokens Lifetime
I've been searching around but have been seeing many conflicting answers. Is it correct that refresh tokens from Google never expire based off of time? Basically I am writing a service that'll poll my own account and so I wont run into the errors of
The user revoking access to the service (Since I'm the user)
The token hasn't been used for six months (I'm going to be polling and calling the Gmail API everyday)
The user account has exceeded a certain number of token requests. There is currently a 25-token limit per Google user account. (I'm not sure what this means but I think I'll only have 1 token active if someone could explain this)
Upvotes: 2
Views: 2529
Answers (1)
Reputation: 734
You are right, refresh tokens never expire based off of time. Points 1 and 2 are correct, if you don't revoke access to the application and you use it daily, you wont run into those problems.
About the third one, the limit has changed to 50 refresh tokens per user and it means you cannot have more than 50 active refresh tokens for a user. You can generate new ones, but the oldest refresh tokens will get revoked. Keep this in mind in case you generate new refresh tokens.
There is also another scenario where the refresh token could be revoked, if you change your password. You will need to handle this problem and update your refresh token.
You can find more information on this link: https://developers.google.com/identity/protocols/OAuth2#expiration
Upvotes: 4
Related Questions
- Do Google refresh tokens expire?
- Google API refresh token limit
- Understanding Google OAuth2 Refresh tokens
- GoogleAPI oauth2 refresh token expires in 1 hour
- Google OAuth2 refresh expires & does not renew
- When will a google oauth2 refresh token expired?
- Google Oauth2 API - No Refresh Token
- Does OAuth 2.0 refresh token expires at all?
- Google Oauth refresh Token
- OAuth 2.0 Access Tokens and Refresh Tokens