Why do Google accounts with `calendar` scopes aren't turning invalid when changing their password?

It is a known Google behavior to not invalidate the refresh token when an account is created with `calendar` scope only. Because of that, the refresh token remains valid and Nylas won't set the account's sync state to `invalid` nor send an `account.invalid` webhook. You can learn more in the linked article in the resources below.



Using OAuth 2.0 to Access Google APIs - Refresh token expiration


Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request



Please sign in to leave a comment.