什么是“刷新令牌”的生命周期？ [英] What's the lifetime of "refresh token"?

问题描述

文档不清楚刷新令牌应该持续多长时间。这似乎意味着它与"访问令牌"大约在同一时间，这是一个小时。但是，在实践中似乎并非如此，因为我能够使用
24小时前生成的相同刷新令牌来请求新的访问令牌。在Google上，其文档清楚地表明刷新令牌会无限期地持续，直到有人撤消它。 Bing Ads也是如此吗？

-Kevin

解决方案

嗨Kevin。

我们不会为刷新令牌发布有限的时间限制，并保留随时更改它的权利。你可以把它想象几个月到一年的顺序。它必须比访问令牌持续更长时间，因为当访问令牌到期时，需要刷新
令牌。我们将更新文档以澄清。

虽然刷新令牌有可能在几个月或一年后过期，但更有可能在相同的持续时间内更改密码或删除可信设备会导致刷新令牌无效。在每个场景中，
刷新令牌都将失败，并且将再次需要用户界面授权工作流程。

我希望这有帮助！

Hi,

The documentation is not clear about how long the refresh token should last. It seems to imply that it lasts about the same time as "access token", which is one hour. However, in practice it doesn't seem to be the case because I was able to use the same refresh token that was generated 24 hours ago to request a new access token. On Google, its documentation clearly indicates that refresh token lasts indefinitely until someone revokes it. Is it true for Bing Ads as well?

-Kevin

解决方案

Hi Kevin.

We don't publish a finite time limit for the refresh token, and reserve the right to change it anytime. You can think of it on the order of several months to a year. It has to last longer than an access token because when the access token expires the refresh token is needed. We will update the docs to clarify.

While it is possible that a refresh token could expire after several months or a year, it is more likely in the same duration that password changes or removal of trusted devices would cause the refresh token to become invalid. In each scenario the refresh token would fail and the user interface authorization workflow would be required again.

I hope this helps!

这篇关于什么是“刷新令牌”的生命周期？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！