top | item 39055726 (no title) gerwim | 2 years ago Maybe not for Google, but it's not part of the OAuth spec. It's perfectly valid for refresh tokens to expire. discuss order hn newest nunez|2 years ago Interesting. Many of the OAuth services I've used use non-expiring refresh tokens. Though I definitely agree; they should also have an expiry.
nunez|2 years ago Interesting. Many of the OAuth services I've used use non-expiring refresh tokens. Though I definitely agree; they should also have an expiry.
nunez|2 years ago