What Google APIs were/are affected by the Heartbleed bug? I'm mostly curious if the API for exchanging a refresh token for an access token is affected because the Google Drive APIs only use transient access tokens anyway so they're mitigated.

Should we recommend our users to re-authorize? This is to invalidate the old and then have a new refresh token.

user1828559

1 Answer

Yes, it's a good idea to invalidate tokens and also change passwords. See here: http://googleonlinesecurity.blogspot.com/2014/04/google-services-updated-to-address.html

Zig Mandel
  • As of 4/21/14, that post by Google does not mention Drive and states "We are still working to patch some other Google services". Until they patch the service, it doesn't make sense to change any tokens or passwords. Would be great if Google would give us a definitive answer. – Art Apr 21 '14 at 21:30