OAuth 2.0: access_token unexpectedly invalid
199 views
Skip to first unread message
Simon Tannai
Jul 26, 2022, 5:00:50 PM7/26/22
to Google Cloud Developers
Hello 👋
I'm working on an application using Google OAuth.
After have stored both tokens, I'm checking the status of the access_token each minute with the token info endpoint: https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=[THE_ACCESS_TOKEN].
Then, I control the expires_in from token info response. If the value of expires_in is lower than 300 seconds, I'm generating a new access_token with the previously given refresh_token and updating the new access_token and refresh_token in my database.
But, for an unknown reason, several access_token become invalid randomly. When it's happenninh, I have this response from token info:
For example, I had a valid token at 17:38:55 with an expires_in value of 1443. At 17:39:55, so one minute later, this same access_token was invalid.
It was the 25 refreshed token, so the limit of 50 for a given refresh_token was not reached.
My client told me he did not revoke the app from his Google account.
Our application is in production.
How explain this ? And how to fix it or manage it ?
Many many thanks for your help 🙏
I'm working on an application using Google OAuth.
Based on back-end workflow, I'm using offline access_type and consent prompt.
When the user makes the authentication process, I get an access_token and refresh_token as expected.
When the user makes the authentication process, I get an access_token and refresh_token as expected.
After have stored both tokens, I'm checking the status of the access_token each minute with the token info endpoint: https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=[THE_ACCESS_TOKEN].
Then, I control the expires_in from token info response. If the value of expires_in is lower than 300 seconds, I'm generating a new access_token with the previously given refresh_token and updating the new access_token and refresh_token in my database.
But, for an unknown reason, several access_token become invalid randomly. When it's happenninh, I have this response from token info:
{
"error_description": "Invalid Value"
}
"error_description": "Invalid Value"
}
For example, I had a valid token at 17:38:55 with an expires_in value of 1443. At 17:39:55, so one minute later, this same access_token was invalid.
It was the 25 refreshed token, so the limit of 50 for a given refresh_token was not reached.
My client told me he did not revoke the app from his Google account.
Our application is in production.
How explain this ? And how to fix it or manage it ?
Many many thanks for your help 🙏
Reply all
Reply to author
Forward
0 new messages