[Users] OAUTH2 Authorisation Status

David Fletcher David at megapico.co.uk
Sat Apr 2 13:44:44 UTC 2022


> The fix that stores the refresh token with every access is that not
> only in git?
> If so, this should be fixed in the coming release.

Hi Michael,

I think that recent fix about the refresh tokens only affected Microsoft
servers. They were issuing a new refresh token with every fetch of an
access token. Their refresh token had a life of something like 30 days -
so as long as you keep logging in, there's a chain of updated refresh
tokens that keeps you going without re-authentication. If you stop using
the application for a while you'd need to re-authenticate.

Maybe Google has changed to that method too? They were previously issuing
one refresh token when you first authenticated, and this would last
indefinitely (or at least a very long time) to supply new access tokens.
But they weren't issuing new refresh tokens with each connection.

If Google has switched to the way Microsoft is doing it then the latest
update in git would address this.

Best regards, David.


More information about the Users mailing list