Question

Im trying to build and automated log in using Googles authSub, but I need to store data for the users the log in.

... and basically I don t get it. Should the token from Google change the 2nd time a user logs in, that user looses his / her info and you don t get any info like a userId that you can use to store information against it.

Unless the token does not change and you can store info against that token.

How would you store information (mySQL) for that token if it changes?

See http://code.google.com/apis/accounts/docs/AuthSub.html#WorkingAuthSub point 5

Answer 1

There are two kinds of token; I m going to assume that you re not talking about the single-use token obtained from a call to AuthSubRequest, but are talking about the long-lived session token obtained from AuthSubSessionToken

The page explicitly says that

Session tokens do not expire.

So no, the token shouldn t become invalid just because a user logs in again.

On the other hand, if you ignore your existing token and request a new one - yes, you ll end up with a different token.

There is one thing (other than your app calling AuthSubRevokeToken, which of course will result in the token being invalidated) that can result in the token becoming invalid: the user can visit the Change authorized websites page and choose to manually invalidate a token. If that happens, all you can do is throw out the old one and request a new token.

友情链接