Re: About refresh tokens

yutaka-takai · 01-24-2023 09:43 PM

https://www.googlecloudcommunity.com/gc/Developer-Tools/Verification-of-apps-already-in-production-u...
Please allow me to make an additional confirmation of the question asked at the URL above.

Currently, the authentication is done using a refresh token.
We have checked the following URL and found that the refresh token does not have an expiry date set
In the reason why the refresh token expires, the application verification does not state that the refresh token is set to expire.
https://cloud.google.com/docs/authentication/token-types#refresh
https://developers.google.com/identity/protocols/oauth2#expiration

Can I assume that app verification does not affect the expiry date of the refresh token?
We would like to confirm this because if the token information already registered will no longer be available, this will cause more work for the user.

dionv

Hello yutaka-takai,

The refresh_token is only provided on the first authorization from the user. Subsequent authorizations, such as the kind you make while testing an OAuth2 integration, will not return the refresh_token again. You can check this documentation for reference.

yutaka-takai

Thank you for your reply.

From the stackoverflow link you provided, I understand that the refresh token can only be retrieved on the first authentication and not again on subsequent authentications.

So is that refresh token disabled by the application verification?
Or does it mean that the user has no choice but to perform the authentication again, as it will be deactivated by the application verification?