Does the token generated by Google's AuthSub change when a user logs into your application for the 2nd or 3rd time?
https://stackoverflow.com/questions/1989738
-
22-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Im trying to build and automated log in using Googles authSub, but I need to store data for the users the log in.
... and basically I don't get it. Should the token from Google change the 2nd time a user logs in, that user looses his / her info and you don't get any info like a userId that you can use to store information against it.
Unless the token does not change and you can store info against that token.
How would you store information (mySQL) for that token if it changes?
See http://code.google.com/apis/accounts/docs/AuthSub.html#WorkingAuthSub point 5
Solution
There are two kinds of token; I'm going to assume that you're not talking about the single-use token obtained from a call to AuthSubRequest, but are talking about the long-lived session token obtained from AuthSubSessionToken
The page explicitly says that
Session tokens do not expire.
So no, the token shouldn't become invalid just because a user logs in again.
On the other hand, if you ignore your existing token and request a new one - yes, you'll end up with a different token.
There is one thing (other than your app calling AuthSubRevokeToken, which of course will result in the token being invalidated) that can result in the token becoming invalid: the user can visit the Change authorized websites page and choose to manually invalidate a token. If that happens, all you can do is throw out the old one and request a new token.
