Reputation: 6365
On http://code.google.com/apis/accounts/docs/OAuth2.html Google distinguishes between two kinds of tokens: refresh tokens and access tokens. Is a refresh token the same as a more conventional request token? On http://oauth.net/core/1.0/ I can't find refresh tokens mentioned anywhere. Or is it new to OAuth 2.0?
Upvotes: 2
Views: 7650
Reputation: 23587
An access token is a kind of authorization and is the last part of the handshaking between your application and the OAuth system.
Access token: indicates that your application has already passed all the verification steps and can now access the API/data on the user's behalf.
It's a kind of key which is handed over to you after verification and authorization from the concerned party (the user in our case).
Refresh token: is a kind of measure to allow access to the API up to a certain time, and if you need access again you have to get the access token again.
Upvotes: 3
Reputation: 29025
Access tokens expire after a short time (3600 sec, I guess).
If you want to access a user's account even after he's offline, you need a refresh token. You exchange the refresh token to get a new access token once the old access token expires.
From the link you provided:
"Access tokens have a limited lifetime and, in some cases, an application needs access to a Google API beyond the lifetime of a single access token. When this is the case, your application can obtain what is called a refresh token. A refresh token allows your application to obtain new access tokens."
I.e., you need a refresh token only when you need offline access; otherwise you don't need it at all. It's optional.
Look into this link; it will provide everything about refresh tokens:
http://code.google.com/apis/accounts/docs/OAuth2WebServer.html
Upvotes: 4
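The refresh exchange described in the answer above, as an added example that is not part of the original posts or of Google's documentation. The form fields and error codes follow RFC 6749 (OAuth 2.0); `FakeTokenEndpoint`, `Client`, the sample credentials and the injected `now` clock are constructed stand-ins so the flow runs offline.

```python
import secrets
from urllib.parse import urlencode, parse_qs

class FakeTokenEndpoint:
    """Constructed stand-in for an authorization server's token endpoint."""
    def __init__(self, client_id, client_secret, lifetime=3600):
        self.client = (client_id, client_secret)
        self.lifetime = lifetime
        self.refresh_tokens = set()   # long-lived, revocable by the user
        self.access_tokens = {}       # access token -> expiry time (seconds)

    def grant_offline_access(self):
        """Models the one-time user consent that yields a refresh token."""
        rt = secrets.token_urlsafe(16)
        self.refresh_tokens.add(rt)
        return rt

    def post(self, body, now):
        f = {k: v[0] for k, v in parse_qs(body).items()}
        if (f.get("client_id"), f.get("client_secret")) != self.client:
            return {"error": "invalid_client"}
        if f.get("grant_type") != "refresh_token":
            return {"error": "unsupported_grant_type"}
        if f.get("refresh_token") not in self.refresh_tokens:
            return {"error": "invalid_grant"}
        at = secrets.token_urlsafe(16)
        self.access_tokens[at] = now + self.lifetime
        return {"access_token": at, "token_type": "Bearer", "expires_in": self.lifetime}

    def api_call(self, access_token, now):  # resource-server side check
        return self.access_tokens.get(access_token, 0) > now

class Client:
    def __init__(self, server, client_id, client_secret, refresh_token):
        self.server, self.refresh_token = server, refresh_token
        self.creds = {"client_id": client_id, "client_secret": client_secret}
        self.access_token, self.expires_at = None, 0

    def token(self, now):
        """Return a usable access token, refreshing it once it has expired."""
        if self.access_token is None or now >= self.expires_at:
            body = urlencode({"grant_type": "refresh_token",
                              "refresh_token": self.refresh_token, **self.creds})
            resp = self.server.post(body, now)
            if "error" in resp:
                raise PermissionError(resp["error"])  # user must re-authorize
            self.access_token = resp["access_token"]
            self.expires_at = now + resp["expires_in"]
        return self.access_token
```

Only the short-lived access token is ever sent to the API; the refresh token and client secret go to the token endpoint alone, so revoking the refresh token cuts off further access once the current access token expires.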