I've been reading Google's oauth2 documentation for Client-side applications. I was surprised that nowhere does it mention refresh tokens. Also, their examples hint that the access_token has a default TTL of 3600 seconds. Clearly, I do not want my active users needing to relogin once every hour.
Question: Is there a reason why the Client-side oauth2 implementation doesn't support refresh tokens? Or, is this supported by Google but simply not documented?
Aucun commentaire:
Enregistrer un commentaire