Re: [oauth] Google oAuth Access Token Longevity
The specification does not guide or limit the provider in implementing their own security policies and that includes the lifetime of tokens. Some providers may limit it intentionally to let users re-confirm that they still want to provide the access (or simply users should be logged on to their site on the browser) and others don't set any expiry, like Twitter which keeps tokens alive unless someone revokes them. Lukas 2010/3/26 Gary Young gary.b.yo...@gmail.com I'm building an oAuth app that integrates with Contacts, and Gmail and everything is working correctly, except that the oAuth access tokens that I'm generating seem to only last 1 day. I was under the impression that oAuth access tokens should last indefinitely as long as they are not revoked by the user or my application. Can someone shed some light on this? Thanks! Gary webnexsys.com -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com oauth%2bunsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- http://lukasrosenstock.net/ -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
[oauth] Google oAuth Access Token Longevity
I'm building an oAuth app that integrates with Contacts, and Gmail and everything is working correctly, except that the oAuth access tokens that I'm generating seem to only last 1 day. I was under the impression that oAuth access tokens should last indefinitely as long as they are not revoked by the user or my application. Can someone shed some light on this? Thanks! Gary webnexsys.com -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
Re: [oauth] Google oAuth Access Token Longevity
Token duration is a policy decision. Each site decides on what they will grant. For example at LinkedIn we give the user the option of one day, one week, one year, or until revoked. To help partners we are planning on adding some of the OAuth Sessionhttp://oauth.googlecode.com/svn/spec/ext/session/1.0/drafts/1/spec.html parameters to our responses, specifically oauth_expires_in Obviously apps need to be able to handle expired tokens, since the user can revoke them at any time. On Thu, Mar 25, 2010 at 5:20 PM, Gary Young gary.b.yo...@gmail.com wrote: I'm building an oAuth app that integrates with Contacts, and Gmail and everything is working correctly, except that the oAuth access tokens that I'm generating seem to only last 1 day. I was under the impression that oAuth access tokens should last indefinitely as long as they are not revoked by the user or my application. Can someone shed some light on this? Thanks! Gary webnexsys.com -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com oauth%2bunsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en. -- You received this message because you are subscribed to the Google Groups OAuth group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.