Token duration is a policy decision. Each site decides on what they will grant. For example at LinkedIn we give the user the option of one day, one week, one year, or until revoked. To help partners we are planning on adding some of the OAuth Session<http://oauth.googlecode.com/svn/spec/ext/session/1.0/drafts/1/spec.html> parameters to our responses, specifically oauth_expires_in
Obviously apps need to be able to handle expired tokens, since the user can revoke them at any time. On Thu, Mar 25, 2010 at 5:20 PM, Gary Young <gary.b.yo...@gmail.com> wrote: > I'm building an oAuth app that integrates with Contacts, and Gmail and > everything is working correctly, except that the oAuth access tokens > that I'm generating seem to only last 1 day. > > I was under the impression that oAuth access tokens should last > indefinitely as long as they are not revoked by the user or my > application. > > Can someone shed some light on this? > > Thanks! > > Gary > > webnexsys.com > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to oa...@googlegroups.com. > To unsubscribe from this group, send email to > oauth+unsubscr...@googlegroups.com <oauth%2bunsubscr...@googlegroups.com>. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > > -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
