Google API refresh token limit

后端 未结 1 1525
北恋
北恋 2020-12-07 21:30

I\'m developing an application wherein I need to access multiple google calendars. All these calendars come from different users. And right now I am using OAuth2 for the syn

相关标签:
1条回答
  • 2020-12-07 21:57

    Its 50 per user (client-user) as in User of your Client. Not client_id. For each person that authenticates your application you can have them authenticate it up to 50 times. Each Refresh token you receive will work. After the 50th the first one will stop working. They will also work for up to 6 months I think, if it hasn't been used for 6 months it will be invalidated.

    You can have as many people use your Client (client_id) as are willing to authenticate you. You wont have any problems.

    From Google Oauth2 Documentation found here

    Token expiration

    You must write your code to anticipate the possibility that a granted token might no longer work. A token might stop working for one of these reasons:

    • The user has revoked access.

    • The token has not been used for six months.

    • The user changed passwords and the token contains Gmail scopes.

    • The user account has exceeded a certain number of token requests.

    There is currently a limit of 50 refresh tokens per user account per client. If the limit is reached, creating a new token automatically invalidates the oldest token without warning. This limit does not apply to service accounts.

    There is also a larger limit on the total number of tokens a user account or service account can have across all clients. Most normal users won't exceed this limit but a developer's test account might.

    If you need to authorize multiple programs, machines, or devices, one workaround is to limit the number of clients that you authorize per user account to 15 or 20. If you are a Google Apps admin, you can create additional admin users and use them to authorize some of the clients.

    Question: Where did you find this? I would like to report it to Google its a bit confusing

    Note: Save refresh tokens in secure long-term storage and continue to use them as long as they remain valid. Limits apply to the number of refresh tokens that are issued per client-user combination, and per user across all clients, and these limits are different. If your application requests enough refresh tokens to go over one of the limits, older refresh tokens stop working.

    0 讨论(0)
提交回复
热议问题