Google access token expiration time

oauth-2.0

When I obtain an access_token from the Google API, it comes with an expires_in value. According to the documentation, this value indicates "The remaining lifetime of the access token".

What are the units of this value?

Because 99.9% of the time when you have a number representing time it's either seconds or subdivision of it, and milli/microseconds makes no sense for this case?

@FrankLaRosa : is there any way to set expiry of access token to unlimited.

i repeat the seme thing: please accept the answer below if that is satisfactory, thanks! However the units of this value is seconds.

@Hardik, how can I make expiry time unlimited? did you found any solution?

Interestingly, what is the relationship between expiring and allow a refresh (to get a new token)? If yuo wait till it expires to get a new token, some api calls will fail in between. If you "refresh" too early, you will just get the old token back. how do you know when you can get a new token, relative to the supplied expires_in?

Community

The spec says seconds:

https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-22#section-4.2.2

expires_in
    OPTIONAL.  The lifetime in seconds of the access token.  For
    example, the value "3600" denotes that the access token will
    expire in one hour from the time the response was generated.

I agree with OP that it's careless for Google to not document this.

You must click on "OAUTH 2.0 ENDPOINTS" tab

stewe

Have a look at: https://developers.google.com/accounts/docs/OAuth2UserAgent#handlingtheresponse

It says:

Other parameters included in the response include expires_in and token_type. These parameters describe the lifetime of the token in seconds...

what token does expires_in refer to: access token or refresh token?

@AlexanderSupertramp that should refer to access token as a refresh token is used to get new access tokens when the user is offline.

msysmilu

Since there is no accepted answer I will try to answer this one:

[s] - seconds

SkyWalker

From Google OAuth2.0 for Client documentation,

expires_in -- The number of seconds left before the token becomes invalid.

It's not on that page anymore, max value can be entered as 3900 but actual value is 3600. Wonder if there's a way to have a non-expiry token?

see this link on that page: developers.google.com/identity/protocols/… but i don't know how to obtain a non-expiriy token howewer i think use such tokens it's a bad design for security.

yeah my google token got expire after few seconds

is it always in seconds? i encountered a token in another api that has an expiry time of "1611992051". It seems impractical for that to be in seconds, or even miliseconds for that matter.

Google access token expiration time

Follow WeChat

Want to stay one step ahead of the latest teleworks?

相似问题

Platform

Support

Contact US