Y
Hacker News
new
|
ask
|
show
|
jobs
by
gerwim
886 days ago
Maybe not for Google, but it's not part of the OAuth spec. It's perfectly valid for refresh tokens to expire.
1 comments
nunez
886 days ago
Interesting. Many of the OAuth services I've used use non-expiring refresh tokens. Though I definitely agree; they should also have an expiry.
link