google oauth2 refresh token limit

Question

I'm developing a web application that needs to access 100 or more different Google Calendars using OAuth2. All the calendars are on different accounts with their respective users. I came across this paragraph from Google:

"Note that there are limits on the number of refresh tokens that will be issued; one limit per client/user combination, and another per user across all clients. You should save refresh tokens in long-term storage and continue to use them as long as they remain valid. If your application requests too many refresh tokens, it may run into these limits, in which case older refresh tokens will stop working."

My app, as advised, is using access tokens and then storing the refresh tokens in a database for later use. I am wondering if I will reach a limit to the number of calendars my refresh tokens will work with? Has anyone experienced difficulty before with refresh tokens stop working after a limit is reached. The paragraph mentions two limits but I'm not sure if my app will be affected as each calendar is a different user. I'm not sure what Google means by 'and another per user across all clients' limit?

Anyone with experience or knowledge in this please help.

Thank you in advance.

Possible duplicate of [Google API refresh token limit](http://stackoverflow.com/questions/26135980/google-api-refresh-token-limit) — Prafulla Kumar Sahu, Nov 18 '15 at 07:47

score 4 · Answer 1 · answered Feb 21 '14 at 16:45

4

Neither of the limits applies to your scenario, so you shouldn't have any problems.

The "one limit per client/user combination" is 25, so you can't obtain more than 25 refresh tokens for any given user. But you only need one, so that's fine.

"per user across all clients" is saying either:-

that a user can only authorize a certain number of projects, but I'm guessing that's a pretty big number.
It's saying there is a limit on how many clients per project are allowed, but again, you only need one.

answered Feb 21 '14 at 16:45

pinoyyid

21,499
14
64
115

Hey @pinoyyid, where did you get this number? I've been looking for docs that support the statement but can't seem to find them. – Michael Alan Huff Aug 14 '14 at 23:35
It's not in the published docs. As i recall, it was in an answer from a googler, either here on SO or on G+. Being undocumented, it's prone to change without warning so shouldn't be something you rely on. Most apps only ever need one, so double check you have understood the scope of refresh tokens correctly. – pinoyyid Aug 15 '14 at 02:51

score 2 · Answer 2 · answered Apr 10 '15 at 20:08

2

Here is the doc that shows the limit of 25 tokens: https://developers.google.com/identity/protocols/OAuth2

answered Apr 10 '15 at 20:08

Brian Lewis

152
2
4

Hi Brian, while this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. Please take a look here: [Why and how are some answers deleted?](http://stackoverflow.com/help/deleted-answers) – bummi Apr 10 '15 at 20:14

google oauth2 refresh token limit

2 Answers2