Is the OAuth 2.0 Token Forever Unique to the Provider?

When an OAuth 2.0 provider issues a token, is that token value forever unique to the provider? Or is it possible that sometime in the future, apparently, after the token expires, another token, potentially for another user, can be issued with the same value? In my search, I found a lot of information about the expiration of tokens, but no details about whether a token value could potentially be reused in the future.

+2
2 answers

This has nothing to do with the OAuth 2 specification, which guarantees this. Whether there is a chance of a collision or not is implementation-specific. You should ask your OAuth AS provider what the probability is. But I agreed with Artyom - it sounds strange if you are trying to uniquely identify users based on what is supposedly just an API (access) token.

0

If you use something like a UUID - it is time-dependent and unique - so you should NOT make them reusable. Taking into account that you will generate tokens at different points in time - they will all be different.

0
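
The two answers above turn on collision probability and on not reusing values. The following is an added example, not code from either answer or from any OAuth provider: it computes the birthday-bound chance of a repeat among random tokens and sketches an issuer that refuses to hand out a value twice, even after expiry. `TokenIssuer`, its parameters, and the in-memory set (standing in for a persistent unique index) are assumptions.

```python
import hashlib
import math
import secrets
import time


def collision_probability(n_tokens: int, bits: int) -> float:
    """Birthday bound: chance of any repeat among n random `bits`-bit values."""
    # 1 - exp(-n(n-1) / 2^(bits+1)); expm1 keeps precision for tiny results.
    return -math.expm1(-n_tokens * (n_tokens - 1) / 2.0 ** (bits + 1))


class TokenIssuer:
    """Hypothetical issuer: a token value is never issued twice, even after expiry."""

    def __init__(self, ttl_seconds=3600, generate=lambda: secrets.token_urlsafe(32)):
        self.ttl = ttl_seconds
        self.generate = generate      # CSPRNG by default: 32 bytes = 256 bits
        self._active = {}             # digest -> (subject, expires_at)
        self._ever_issued = set()     # digests of every token ever issued

    @staticmethod
    def _digest(token: str) -> str:
        # Keep only a hash server-side so a leaked store does not leak tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, subject: str, now=None) -> str:
        now = time.time() if now is None else now
        while True:
            token = self.generate()
            digest = self._digest(token)
            if digest not in self._ever_issued:   # regenerate on any repeat
                break
        self._ever_issued.add(digest)
        self._active[digest] = (subject, now + self.ttl)
        return token

    def lookup(self, token: str, now=None):
        """Return the subject for a live token, or None if unknown or expired."""
        now = time.time() if now is None else now
        entry = self._active.get(self._digest(token))
        if entry is None or entry[1] <= now:
            return None
        return entry[0]
```

With 256-bit random tokens the repeat check practically never fires; it matters for short or poorly seeded token values, where the bound above is no longer negligible.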
