Konubinix' opinionated web of thoughts

Google Oauth2 Testing Refresh Token == 7 Days

Fleeting

OAuth 2.0, refresh token

A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of “Testing” is issued a refresh token expiring in 7 days, unless the only OAuth scopes requested are a subset of name, email address, and user profile (through the userinfo.email, userinfo.profile, openid scopes, or their OpenID Connect equivalents).

https://developers.google.com/identity/protocols/oauth2

According to Google docs:

Authorizations by a test user will expire seven days from the time of consent.

So it would appear that the only way to get a GMail token that lasts for more than a week is to “publish” the app and move it to “production” status. Looking at the “verification requirements” this doesn’t seem like a realistic prospect for a dummy app used solely to configure some Postfix setup.

https://github.com/tarickb/sasl-xoauth2/issues/29

Are you using the same Gmail account to both create the app and then authorize its use? As far as I know that’s how the personal-use exemption works, and if you’re using different accounts then yes, you’ll hit the testing-mode issue.

https://github.com/tarickb/sasl-xoauth2/issues/29

was able to get a token with the app in “production” (unverified) mode

https://github.com/tarickb/sasl-xoauth2/issues/29

results are in:

With the app in “Publishing status: Testing”, the OAuth token expires after 7 days even if the app is owned by the same account as the GMail user. With the app in “Publishing status: In production”, the OAuth token still works after 7 days even if the GMail user is different from the app owner.

I will send a PR to update the README accordingly.

https://github.com/tarickb/sasl-xoauth2/issues/29
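
A monitoring check for the rule quoted from the Google docs and the result reported in the issue, as an added example that is not code from Google or sasl-xoauth2: it computes when a refresh token is due to expire and recognises the `invalid_grant` error (RFC 6749, section 5.2) that a token endpoint returns for a dead refresh token. The function names, status strings and sample values are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

# Scopes the quoted Google documentation exempts from the 7-day limit,
# together with their OpenID Connect equivalents.
EXEMPT_SCOPES = {
    "openid", "email", "profile",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
}
TESTING_LIFETIME = timedelta(days=7)


def refresh_token_deadline(user_type, publishing_status, scopes, consent_time):
    """Return the expected expiry of the refresh token, or None if the
    7-day rule does not apply. App ownership is deliberately not an input:
    the test reported in the issue showed it makes no difference."""
    if user_type != "external" or publishing_status != "testing":
        return None
    if set(scopes) <= EXEMPT_SCOPES:
        return None
    return consent_time + TESTING_LIFETIME


def token_state(deadline, now, warn_before=timedelta(days=2)):
    """Classify a token as 'ok', 'renew-soon' or 'expired' (hypothetical labels)."""
    if deadline is None or deadline - now > warn_before:
        return "ok"
    return "expired" if now >= deadline else "renew-soon"


def needs_new_consent(token_error):
    """True when the token endpoint's JSON error says the refresh token is
    invalid, expired or revoked (RFC 6749 section 5.2)."""
    return token_error.get("error") == "invalid_grant"


if __name__ == "__main__":
    # Constructed sample: Gmail scope, consent given on 1 March 2024.
    consent = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    gmail = ["https://mail.google.com/"]
    deadline = refresh_token_deadline("external", "testing", gmail, consent)
    for day in (1, 6, 8):
        print(day, token_state(deadline, consent + timedelta(days=day)))
    # Constructed error body of the kind returned once the token is dead.
    print(needs_new_consent({"error": "invalid_grant"}))
```

Run from cron on the mail relay, a check like this flags the coming expiry before outgoing mail starts failing.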

how to get more than 7 days for personal use

I filled in the form to move to production, I even https://youtu.be/6xxDYUxY_s8 because I was told to.

I received a mail to go on with the process, with something like this:

[…]

If your application is for Personal use only:

The app is not shared with anyone else or will be used by fewer than 100 users. Hence, you can continue using the app by bypassing the unverified app warning during sign-in. It is recommended, however, that your project’s publish state is set to testing and continue to use your app under testing mode.

[…]

— confirmation mail after trying to move to in production

I answered

Hi.

I would like to use this application for personal use only, without the burden of getting a new refresh token every week.

I read that people do this using an application in the “In production (unverified)” state.

Am I doing the right procedure to reach that state?

My best,

— my answer

Now, the state is “in production”

There are steps to do to bypass the “insecure” screen, but that does not concern me, because my aim is not to publish a public application.