When I obtain an access_token from the Google API, it comes with an expires_in value. According to the documentation, this value indicates "The remaining lifetime of the access token".
What are the units of this value?
160
votes
Because 99.9% of the time when you have a number representing time it's either seconds or subdivision of it, and milli/microseconds makes no sense for this case?
– Venge
@FrankLaRosa : is there any way to set expiry of access token to unlimited.
– hardik
i repeat the seme thing: please accept the answer below if that is satisfactory, thanks! However the units of this value is seconds.
– Davide Castronovo
@Hardik, how can I make expiry time unlimited? did you found any solution?
– Jay Patel
Interestingly, what is the relationship between expiring and allow a refresh (to get a new token)? If yuo wait till it expires to get a new token, some api calls will fail in between. If you "refresh" too early, you will just get the old token back. how do you know when you can get a new token, relative to the supplied expires_in?
– John Little
4 Answers
104
votes
The spec says seconds:
http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.2.2
expires_in
OPTIONAL. The lifetime in seconds of the access token. For
example, the value "3600" denotes that the access token will
expire in one hour from the time the response was generated.
I agree with OP that it's careless for Google to not document this.
90
votes
Have a look at: https://developers.google.com/accounts/docs/OAuth2UserAgent#handlingtheresponse
It says:
Other parameters included in the response include
expires_inandtoken_type. These parameters describe the lifetime of the token in seconds...
7
votes
From Google OAuth2.0 for Client documentation,
- expires_in -- The number of seconds left before the token becomes invalid.
