Google and OAuth 2.0

Ben Bucksch ben.bucksch at
Tue Apr 29 16:17:24 UTC 2014

neandr at wrote, On 28.04.2014 20:10:
> Lightning hides that process from the user.
> That access key will be used to generate a token to work with your 
> mail/calendar. That token will expire after a certain time and your 
> application (mail/calendar) needs to generate a new token. Normally 
> the user should not notice about that for any session. 

Expiry indeed is a core problem. One-time setup - if it's really once 
and then never again - can be handled differently than something that 
can up at any random time.

How does that process work? All readable documentation I found about 
OAuth speaks about webpages. That is: not HTTP URLs, but random HTML 
served by Google, containing arbitrary challenges to the end user (e.g. 
enter phone number, Google sending a code there, enter that code) that 
only the allowed human can fulfill.

If tokens can expire and be refreshed by Lightning without (!) user 
interaction, I don't know how that would work. Can you expand, please?

More information about the tb-planning mailing list