5

According to https://groups.google.com/forum/#!forum/oauth2-dev discussion is now here.

No matter how much reading I do, I can't get my head around how google OAuth2 tokens work. Reading the docs and many other places suggest that a refresh_token doesn't expire, and is used once the access_token expires. See the official docs at https://developers.google.com/accounts/docs/OAuth2WebServer#refresh

However, in practice it appears to work as describe by Paul (Unable to refresh token after expiration) that the refresh token expires when the access token expires.

Can a Google Engineer please confirm what the correct behavior should be as this appears to be a case of behavior and documentation not matching.

It also makes the refresh token useless.

4

1 回答 1

7

如果您access_type=offline在发出初始请求时请求,https://accounts.google.com/o/oauth2/auth那么您将获得一个刷新令牌以及访问令牌。这在此处记录

刷新令牌不会过期,直到用户从“帐户”->“安全”->“已连接的应用程序和站点”页面明确撤销对它的访问权限。

您链接到的另一篇文章似乎与 SoundCloud 有关,它的作用可能有所不同。

于 2013-05-16T03:39:11.087 回答