问题
According to https://groups.google.com/forum/#!forum/oauth2-dev discussion is now here.
No matter how much reading I do, I can't get my head around how google OAuth2 tokens work. Reading the docs and many other places suggest that a refresh_token doesn't expire, and is used once the access_token expires. See the official docs at https://developers.google.com/accounts/docs/OAuth2WebServer#refresh
However, in practice it appears to work as describe by Paul (Unable to refresh token after expiration) that the refresh token expires when the access token expires.
Can a Google Engineer please confirm what the correct behavior should be as this appears to be a case of behavior and documentation not matching.
It also makes the refresh token useless.
回答1:
If you request access_type=offline when making the initial request to https://accounts.google.com/o/oauth2/auth then you'll get back a refresh token along with the access token. This is documented here.
The refresh token does not expire, until the user explicitly revokes access to it from the Account -> Security -> "Connected applications and sites" page.
The other post you linked to seems to be related to SoundCloud, which presumably does things a little differently.
来源:https://stackoverflow.com/questions/16576964/google-oauth2-refresh-token-expires-when-access-token-does