The specification does not guide or limit the provider in implementing their own security policies and that includes the lifetime of tokens. Some providers may limit it intentionally to let users re-confirm that they still want to provide the access (or simply users should be logged on to their site on the browser) and others don't set any expiry, like Twitter which keeps tokens alive unless someone revokes them.
Lukas 2010/3/26 Gary Young <gary.b.yo...@gmail.com> > I'm building an oAuth app that integrates with Contacts, and Gmail and > everything is working correctly, except that the oAuth access tokens > that I'm generating seem to only last 1 day. > > I was under the impression that oAuth access tokens should last > indefinitely as long as they are not revoked by the user or my > application. > > Can someone shed some light on this? > > Thanks! > > Gary > > webnexsys.com > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to oa...@googlegroups.com. > To unsubscribe from this group, send email to > oauth+unsubscr...@googlegroups.com <oauth%2bunsubscr...@googlegroups.com>. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > > -- http://lukasrosenstock.net/ -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
