Sreelakshmi's response is basically correct - and the witnessed behavior is 
intended.

What you can do:
1. Build a "logout" functionality which revokes the refresh token.
2. Tell the user to visit the My Google Account <https://myaccount.google.com/> 
web page (logged in as the intended user) and then follow the link "Connected 
apps and sites". This page is a true gem! You can withdraw any app or site; 
each corresponds to a refresh token.

If you want to automatically log out when the password changes, that is 
possible too:
The documentation on expiration of tokens 
<https://developers.google.com/identity/protocols/OAuth2#expiration> states 
a refresh token also expires when "The user changed passwords and the token 
contains Gmail scopes.". Remember that when you ask the user to authorize, 
you pass a scope stating that you want to access the AdWords information. You 
can actually pass multiple scopes and use the same token for multiple APIs. 
So if you add one of the Gmail scopes 
<https://developers.google.com/gmail/api/auth/scopes> then all should be 
OK. The downside is that when authorizing, the user sees that your software 
not only needs access to his AdWords accounts, but also to his Gmail.

Hope this helps.



On Wednesday, March 22, 2017 at 12:57:23 PM UTC+1, cv wrote:
>
> Hello,
>
> I am using OAuth 2.0 for authentication, and I have used the Authorization 
> Code Grant and am requesting an “offline” scope.
>
> I have a refresh token with me; based on the refresh token I am able to get 
> an access token.
>
> Now my client changed the password 3-4 days ago, but I can still get 
> the data with the refresh token I have from the old password.
>
> Is this the right behaviour?
>
> I was thinking that if the password changed, I could not get data, with 
> immediate effect.
>
> This looks a little weird; please let me know what I can do to prevent 
> this?
>
>
> Thanks,
>
>
>
>
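
A sketch of the "logout" option from the reply above, added here as an example and not code from the thread or from Google: it posts the stored refresh token to Google's OAuth 2.0 revocation endpoint and only forgets the local copy once the token is known to be dead. The `token_store` dict, the outcome strings and the injectable `send` parameter are assumptions of this sketch, as is treating a 400 response with error `invalid_token` as "already revoked".

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Google's OAuth 2.0 token revocation endpoint (accepts access or refresh tokens).
REVOKE_URL = "https://oauth2.googleapis.com/revoke"


def post_form(url, fields, timeout=10):
    """Send a form-encoded POST; return (status, body) instead of raising."""
    request = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(fields).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status, response.read().decode()
    except urllib.error.HTTPError as err:   # 4xx/5xx answers from the server
        return err.code, err.read().decode()
    except urllib.error.URLError:           # DNS failure, timeout, no route
        return 0, ""


def _error_code(body):
    """Extract the OAuth "error" field from a JSON error body, if any."""
    try:
        parsed = json.loads(body)
    except ValueError:
        return None
    return parsed.get("error") if isinstance(parsed, dict) else None


def logout(user_id, token_store, send=post_form):
    """Revoke the user's refresh token, then delete the local copy.

    Returns "revoked", "already_invalid", "no_token" or "failed".
    token_store is a hypothetical dict of user id -> refresh token.
    """
    token = token_store.get(user_id)
    if token is None:
        return "no_token"
    status, body = send(REVOKE_URL, {"token": token})
    if status == 200:
        outcome = "revoked"
    elif status == 400 and _error_code(body) == "invalid_token":
        outcome = "already_invalid"   # assumption: token was revoked elsewhere
    else:
        return "failed"               # keep the token so logout can be retried
    del token_store[user_id]
    return outcome
```

Keeping the token on a `"failed"` outcome matters: deleting it locally while it is still valid at Google would leave a live credential that the application can no longer revoke.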
