Tags: oauth-2.0, oauth, google-oauth

Access tokens expiry in google oauth


Case scenario: Suppose a user logs into a third-party website using Google OAuth. By default the Google access token has an expiry time of about 3600 seconds.

If, after logging into the third-party website,

  1. The user deletes/deactivates the Gmail account.
  2. The user removes the consent given to the third-party app in Gmail.

In the above cases, does the access token get expired?

In the above cases, does the refresh token get expired?

Does the link below give the actual information about the access token in any one of the above scenarios?

https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=


Solution

  • Suppose a user logs into a third-party website using Google OAuth.

    OAuth2 is not for sign-in (authentication); it is for authorization. So a user would not log in to a third-party website using OAuth2; they would log in to a third-party website using their Google account and OpenID Connect.

    By default the Google access token has an expiry time of about 3600 seconds.

    The industry standard for OAuth2 states that an access token expires after an hour, or 3600 seconds.

    In the above cases, does the access token get expired?

    No. Access tokens are self-contained bearer tokens. They will work until they expire, in this case after an hour. There is no additional validation on them; it is assumed that the bearer of said token has access to the data for an hour. Yes, even if they delete the access.

    In the above cases, does the refresh token get expired?

    If the user revokes your access via their Google account, all outstanding refresh tokens are removed immediately; they will no longer work.

    Does the link below give the actual information about the access token in any one of the above scenarios?

    The UserInfo endpoint is a standard endpoint which can be used to retrieve identity information about a user who has authorized the application.

    The information returned can vary by server, but it is most often the username and profile name, and it can contain the email address and birthdate.

    The endpoint will return the info as long as the access token has not expired.
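As an added example (not code from the question or the answer above), here is how a relying party would turn the answer's two points into checks it can actually run: ask the tokeninfo endpoint what it knows about an access token, and let the refresh-token grant tell it when the user has withdrawn consent. It also adds a check the answer does not mention, that the token's `aud` is this application's own client ID, so a token minted for some other app is never accepted as proof of anything. The two endpoint URLs are Google's; the client ID, the token values and the `SAMPLE_*` response bodies are constructed for the example (their field names follow Google's documented responses), and `fetch_tokeninfo` / `refresh_access_token` need network access while the evaluation functions run offline.

```python
"""Checking Google access/refresh token state from a relying party.

Added example, not from the question or answer above. Endpoint URLs are
Google's; the client ID, tokens and SAMPLE_* bodies are constructed.
"""
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKENINFO_URL = "https://www.googleapis.com/oauth2/v3/tokeninfo"
TOKEN_URL = "https://oauth2.googleapis.com/token"


def _http(url, data=None):
    """POST if data is given, else GET; return (status, parsed JSON body).
    Google sends OAuth errors as JSON with a 4xx status, so HTTPError is
    decoded instead of raised."""
    req = urllib.request.Request(url, data=data, method="POST" if data else "GET")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def fetch_tokeninfo(access_token):
    """Live lookup of an access token at the tokeninfo endpoint (network)."""
    query = urllib.parse.urlencode({"access_token": access_token})
    return _http(TOKENINFO_URL + "?" + query)


def evaluate_tokeninfo(status, body, expected_client_id, required_scopes, now=None):
    """Decide whether a tokeninfo response lets us trust the token.
    Returns (ok, reason). Rejects tokens Google reports as invalid, tokens
    issued to a different client (aud mismatch), tokens past exp, and
    tokens lacking a scope we need."""
    now = int(time.time()) if now is None else now
    if status != 200 or "error" in body:
        return False, "rejected by tokeninfo: " + str(body.get("error", status))
    if body.get("aud") != expected_client_id:
        return False, "aud mismatch: token was issued to another client"
    if int(body.get("exp", 0)) <= now:  # Google returns exp as a string
        return False, "expired"
    granted = set(body.get("scope", "").split())
    missing = sorted(set(required_scopes) - granted)
    if missing:
        return False, "missing scope: " + " ".join(missing)
    return True, "ok"


def refresh_access_token(client_id, client_secret, refresh_token):
    """Live refresh-token grant against the token endpoint (network)."""
    form = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
        "grant_type": "refresh_token",
    }).encode()
    return _http(TOKEN_URL, data=form)


def classify_refresh_response(status, body):
    """Map a token-endpoint reply to an action for the relying party.
    'refreshed': new access token present. 'revoked': invalid_grant, which
    is what Google returns once the user withdrew consent or the account
    is gone; discard the stored refresh token and re-run consent.
    'error': anything else (retry or investigate)."""
    if status == 200 and "access_token" in body:
        return "refreshed"
    if body.get("error") == "invalid_grant":
        return "revoked"
    return "error"


# Constructed sample responses (field names follow Google's documented shape).
CLIENT_ID = "123456789-abc.apps.googleusercontent.com"  # hypothetical
SAMPLE_VALID = {
    "aud": CLIENT_ID,
    "azp": CLIENT_ID,
    "exp": "1700003600",
    "expires_in": "3599",
    "scope": "openid https://www.googleapis.com/auth/userinfo.email",
    "email": "user@example.com",
    "email_verified": "true",
    "access_type": "offline",
}
SAMPLE_INVALID = {"error": "invalid_token", "error_description": "Invalid Value"}
SAMPLE_REVOKED_REFRESH = {
    "error": "invalid_grant",
    "error_description": "Token has been expired or revoked.",
}

if __name__ == "__main__":
    # Offline walk-through using the constructed samples.
    print(evaluate_tokeninfo(200, SAMPLE_VALID, CLIENT_ID, ["openid"], now=1700000000))
    print(evaluate_tokeninfo(400, SAMPLE_INVALID, CLIENT_ID, ["openid"]))
    print(classify_refresh_response(400, SAMPLE_REVOKED_REFRESH))
```

The `aud` comparison is the check most often left out: tokeninfo will happily describe a valid token that was issued to a completely different application, and treating such a token as a login for your site lets anyone who obtained a token from their own app impersonate the user. An `invalid_grant` on refresh is the signal that consent was revoked (or the account removed); the right response is to delete the refresh token you stored and send the user back through the consent screen, not to keep retrying.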