Skip to content

Google OAuth Refresh Token

Service Name: Google Cloud Platform

Service Description: Google OAuth Refresh Tokens are long-lived credentials that allow applications to obtain new access tokens without requiring user interaction after the initial authorization. These tokens are used with Google APIs and services to maintain persistent access to user data and Google services.

Service Address: https://cloud.google.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Google Cloud project level using VPC Service Controls or through the Google Cloud Console security settings.

Secret Access Scope: Grants persistent access to Google APIs and services on behalf of a user or service account. The specific access depends on the scopes requested during the initial OAuth authorization flow.

Secret Revokement URL: https://myaccount.google.com/permissions

Secret Example: 1//0eXAMPLE-TOKEN-REFRESH-EXAMPLE-TOKEN123456789012345678901234567890

Suspicious Activity Investigation Instructions:

  • Review Google Cloud audit logs for unusual API calls or resource access
  • Check Google Cloud Console for unexpected project activity
  • Monitor for unauthorized service usage or resource creation
  • Review OAuth token usage in the Google Cloud Security Center
  • Check for unexpected application access in the user's Google Account

Mitigation Instructions:

  • Navigate to Google Account permissions.
  • Identify and revoke access for the compromised application.
  • Generate new OAuth credentials for legitimate applications.
  • Consider implementing more restrictive OAuth scopes for applications.
  • Enable enhanced security features like 2-Step Verification for the Google account.
  • Review and update Google Cloud IAM policies to enforce the Principle of Least Privilege.
  • Consider implementing VPC Service Controls to restrict API access by IP address.