Hi, On Wed, Jul 29, 2015 at 4:47 PM, Rajith Vitharana <[email protected]> wrote:
> Hi Ishara, > > Thanks for the response. As per [1], [2] google refresh tokens never > expires, quoting the statement "Refresh tokens are valid until the user > revokes access. This field is only present if access_type=offline is > included in the authorization code request" normally access tokens > expires in 60 mins. Further more there are no password grant type in > google. So we have to go to consent page to get the tokens. (Although there > is a service account concept where we need to a key to get access) > In that case I think its ok. But you will have to handle token revocations. > > [1] - https://developers.google.com/identity/protocols/OAuth2WebServer > [2] - > http://stackoverflow.com/questions/8953983/do-google-refresh-tokens-expire > > Thanks, > > > > On Wed, Jul 29, 2015 at 4:35 PM, Ishara Karunarathna <[email protected]> > wrote: > >> Hi Rajith, >> >> On Wed, Jul 29, 2015 at 11:48 AM, Rajith Vitharana <[email protected]> >> wrote: >> >>> Hi All, >>> >>> We are in the process of implementing Oauth2 support for google >>> spreasheets API. We have used "google-api-client" for this >>> purpose(dependency is in [1]) We are going to give a tool so that user can >>> generate Access token, Refresh token and store them in the DBS file. (going >>> to add the generation tool since google doesn't let us use Refresh tokens >>> generated by other clients) >>> >> >> What are the validity period of these refresh and access tokens. If >> refresh token has limited time this approach also not going to work as you >> expected. >> In that case there should be a way to get a new toke if access token or >> refresh token expired. even you should be able to handle token revocation >> scenarios. >> >> Thanks, >> Ishara >> >>> >>> We thought of only to save Refresh token in the dbs file since the >>> Access token will be expired after some time and it will make the dbs file >>> contain wrong data. Our approach will be to request and get a access token >>> in the dbs deployment time using the refresh token we have. Will this >>> approach be good to tackle the situation? >>> >>> [1] - <dependency> >>> <groupId>com.google.api-client</groupId> >>> <artifactId>google-api-client</artifactId> >>> <version>1.20.0</version> >>> </dependency> >>> >>> Thanks, >>> >>> -- >>> Rajith Vitharana >>> >>> Software Engineer, >>> WSO2 Inc. : wso2.com >>> Mobile : +94715883223 >>> Blog : http://lankavitharana.blogspot.com/ >>> >> >> >> >> -- >> Ishara Karunarathna >> Senior Software Engineer >> WSO2 Inc. - lean . enterprise . middleware | wso2.com >> >> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >> +94717996791 >> > > > > -- > Rajith Vitharana > > Software Engineer, > WSO2 Inc. : wso2.com > Mobile : +94715883223 > Blog : http://lankavitharana.blogspot.com/ > -- Ishara Karunarathna Senior Software Engineer WSO2 Inc. - lean . enterprise . middleware | wso2.com email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
