Will an old refresh token still be valid if a new refresh token get issued?

1
votes

My application uses a Google refresh token (to get access_token from Google). I have two questions here:

  1. I know Google refresh token does not expire for 6 months (see the doc here); say I got a refresh token refresh_token_old at 5:00pm on Jan 1st , and my application requests another refresh token refresh_token_new from Google at 5:30pm on Jan 1st (i.e., just 30 minute later), will the old refresh token still be valid (apparently the old one has not been expired)? -- basically, I am asking if the newly issued refresh_token purges the validity of the old refresh_token;
  2. For the access token, access_token_a, which I got from Google using refresh_token_old, is it still valid after my app requested the new fresh token refresh_token_new? -- basically, I am asking if the new refresh_token purges the validity of the access_token obtained by an old refresh_token even if that access_token has not expired;
1
oauth-2.0google-apigoogle-oauthaccess-tokenrefresh-token

1 Answers

0
votes
  • A refresh token will expire if it has not been used for six months. A soon as it is used the six month timer will reset.
  • If you request a refresh token, your application then requests another refresh token you technically have two outstanding refresh tokens, both will work. You can keep doing this and have up to fifty out standing refresh tokens as soon as you hit that point the first one will expire.
  • any access token created with any refresh token is good for an hour. Even if the refresh token that created it has expired during that hour. Once an access tokens is created it will work for an hour not matter what.