Google: Why does the OAuth API use refresh tokens?
-
I've been hacking around with the Google OAuth API and it looks as if they're the only site I've worked with that gives you a refresh token. The access token expires after an hour but it's very easy to get a new one using the refresh token. I'm just wondering why they don't just make the access token have a longer time to expiration?
-
Answer:
Because in that way if one access_token is compromised it's only compromised until the next refresh :) I've now found out that refresh_token's are only issued to those requesting offline scope/permissions.
Christoffer Aasted at Quora Visit the source
Related Q & A:
- Why query optimizer doesn't use negative filter index?Best solution by Database Administrators
- Why it is important to use inclusive language?Best solution by wiki.answers.com
- Why is it important to use substitute energy?Best solution by answers.yahoo.com
- Why is it important to use the Scientific Method?Best solution by Yahoo! Answers
- Why do I have to use snowboard wax?Best solution by Yahoo! Answers
Just Added Q & A:
- How many active mobile subscribers are there in China?Best solution by Quora
- How to find the right vacation?Best solution by bookit.com
- How To Make Your Own Primer?Best solution by thekrazycouponlady.com
- How do you get the domain & range?Best solution by ChaCha
- How do you open pop up blockers?Best solution by Yahoo! Answers
For every problem there is a solution! Proved by Solucija.
-
Got an issue and looking for advice?
-
Ask Solucija to search every corner of the Web for help.
-
Get workable solutions and helpful tips in a moment.
Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.