Skip to content

Google Refresh Token

Service Name: Google Cloud Platform

Service Description: Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, offering a range of services including computing, data storage, data analytics, and machine learning.

Service Address: [https://cloud.google.com/](https://cloud.google.com/)

Google Refresh Token

GOOGLE_REFRESH_TOKEN

  • Validation Type: API Auth

  • IP Allow list: Does not exist

  • Secret Access Scope: Grants long-term access to Google APIs on behalf of a user or service account, allowing applications to obtain new access tokens without requiring user interaction.

  • Secret Revokement URL: [https://myaccount.google.com/permissions](https://myaccount.google.com/permissions)

  • Secret Example: 1//0dXcLvC12_MFCgYIARAAGA0SNwF-L9IrGm-X4419xFT3DfcpLAJfMc9ztEHYmEZtSQZnXJUZhPTKZKgNPUBmXKqfT7-4YTzCDEA

  • Suspicious Activity Investigation Instructions:

    • Check Google Cloud Console audit logs for unusual API calls or resource access

    • Review Google Admin console for unauthorized API usage patterns

    • Check for unexpected token refresh operations in application logs

    • Monitor for geographic anomalies in access patterns

    • Review OAuth consent screens for unauthorized changes

  • Mitigation Instructions:

    • Revoke the compromised refresh token through Google Cloud Console

    • Generate new credentials for affected applications

    • Review and update OAuth scopes to limit access permissions

    • Implement token rotation policies

    • Enable additional security controls like IP restrictions where possible

    • Update any client applications using the compromised token