What are the lifespans of the different tokens Nylas provides or uses?

Integrating with Nylas involves dealing with different types of tokens, each having its own lifecycle and peculiarities. This article aims to clarify these token types, their lifetimes, and how they interact with Nylas and third-party providers like Microsoft and Google.

 

Nylas Access Tokens

Nylas Access Tokens do not have a predefined expiration date. However, Nylas proactively expires them if the underlying provider credentials (OAuth or Basic) become invalid.


Provider OAuth Refresh Tokens

The lifespan of OAuth Refresh Tokens is determined by the respective providers:

  • Microsoft: By default, Microsoft sets the expiration of these tokens at 90 days. However, it's important to note that administrators can alter this default setting.
  • Google: Google's OAuth Refresh Tokens generated by a production application typically do not expire, offering an indefinite lifespan. Though a Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.

 

Provider Access Token

These tokens are usually valid for a duration of 1 hour. Nylas handles the refreshing of these tokens seamlessly using the account’s stored refresh token.

 

Special Note on Microsoft Refresh Tokens

An interesting aspect of Microsoft's mechanism is the issuance of a new refresh token upon each request for a new access token. Nylas leverages this feature to extend the lifespan of a Microsoft Refresh Token as much as possible. In the early stages of integration, Nylas uses the original Microsoft refresh token a few times. Subsequently, Nylas replaces this original token with the new one provided by Microsoft. It's crucial to understand that after its replacement by Nylas, the original Microsoft refresh token will no longer see activity generated by Nylas. Microsoft has a policy of revoking any refresh token that remains inactive for 90 days.

 

Resources

Updated

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.