Hello everyone,
Basically I am a newbie who is trying to build some web apps/tools on Google Workspace, and I am in need of some serious help.
Context: I am trying to create an application like Zapier, where users can sign up via OAuth 2.0 so that I can interact with their Google services like calendar, mail, etc. and provide them services accordingly.
Problem: I want to publish my web app, and before doing that I have a lot of questions and doubts regarding its scalability:
1. For a testing application, the refresh token expires in 7 days, so how long will a refresh token last on a published web app?
2. Can I set a custom lifetime for refresh tokens generated via my client ID (if yes, how)?
3. I read that in Google OAuth2, at a time it can have only 100 refresh tokens in circulation. Then how can I build an application that could cater to 1000-50,000 clients simultaneously, where every individual will have his own set of tokens?
I would be very grateful to anyone who could help me or guide me in the right direction.
Hello @varunmukherjee5,
Welcome to the Google Cloud Community!
To answer your questions:
Let me know if it helped, thanks!
Thank you very much for your help @Marramirez.
But, can you please elaborate on your 3rd point, basically that's confusing me 😅.
Let me take an example to explain my problem: let's say I register my web app for OAuth2; then I will get a unique 'client-id' and 'client-secret' as credentials. And what I infer from your text is that 'using my client-id and secret I can authorize 100 users (via OAuth2) and issue them refresh tokens'. Since I have only 1 pair of 'client-id and secret', how can I scale my app for, let's say, 1000 users?
Yes, your unique client-id has a limit of 100 refresh tokens. But if the limit is reached, creating a new token will automatically invalidate the oldest refresh token without any warning.
If you want to scale up, you can use service accounts because they are not affected by the limit of 100 refresh tokens. There is also a larger limit on the total number of refresh tokens a user account or service account can have across all clients.
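
An added example, not part of the thread or of any Google library: because a refresh token can be invalidated without warning, as the reply above describes, a multi-user app should treat an `invalid_grant` error from the token endpoint as a signal to drop the stored token and send that user back through consent. `TokenStore`, `get_access_token`, `ReauthRequired` and `fake_post` are hypothetical names, the token values are constructed, and the HTTP call is injected so the sketch runs offline.

```python
import time

TOKEN_URL = "https://oauth2.googleapis.com/token"  # Google's OAuth 2.0 token endpoint


class ReauthRequired(Exception):
    """The stored refresh token is unusable; the user must grant consent again."""


class TokenStore:
    """Hypothetical per-user store; a real one would encrypt tokens at rest."""
    def __init__(self):
        self.refresh = {}          # user_id -> refresh token
        self.needs_reauth = set()  # users to send back through the consent flow


def get_access_token(store, user_id, client_id, client_secret, post):
    """Trade a user's refresh token for an access token.

    post(url, form) -> (http_status, json_dict) is injected (assumption) so
    the example needs no network; in production it wraps an HTTPS POST.
    Returns (access_token, absolute_expiry_timestamp).
    """
    refresh_token = store.refresh.get(user_id)
    if refresh_token is None:
        raise ReauthRequired(user_id)
    status, body = post(TOKEN_URL, {
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    if status == 200:
        return body["access_token"], time.time() + body["expires_in"]
    if body.get("error") == "invalid_grant":
        # Revoked, expired or displaced token: retrying cannot succeed.
        del store.refresh[user_id]
        store.needs_reauth.add(user_id)
        raise ReauthRequired(user_id)
    # Anything else (rate limit, outage) is transient: keep the token.
    raise RuntimeError(f"token endpoint error {status}: {body.get('error')}")


def fake_post(url, form):
    """Constructed stand-in for the token endpoint, for offline runs only."""
    if form["refresh_token"] == "rt-valid":
        return 200, {"access_token": "at-1", "expires_in": 3599}
    return 400, {"error": "invalid_grant"}
```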