Google Refresh Token
Service Name: Google Cloud Platform
Service Description: Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, offering a range of services including computing, data storage, data analytics, and machine learning.
Service Address: [https://cloud.google.com/](https://cloud.google.com/)
Google Refresh Token
GOOGLE_REFRESH_TOKEN
-
Validation Type: API Auth
-
IP Allow list: Does not exist
-
Secret Access Scope: Grants long-term access to Google APIs on behalf of a user or service account, allowing applications to obtain new access tokens without requiring user interaction.
-
Secret Revokement URL: [
https://myaccount.google.com/permissions](https://myaccount.google.com/permissions) -
Secret Example:
1//0dXcLvC12_MFCgYIARAAGA0SNwF-L9IrGm-X4419xFT3DfcpLAJfMc9ztEHYmEZtSQZnXJUZhPTKZKgNPUBmXKqfT7-4YTzCDEA -
Suspicious Activity Investigation Instructions:
-
Check Google Cloud Console audit logs for unusual API calls or resource access
-
Review Google Admin console for unauthorized API usage patterns
-
Check for unexpected token refresh operations in application logs
-
Monitor for geographic anomalies in access patterns
-
Review OAuth consent screens for unauthorized changes
-
-
Mitigation Instructions:
-
Revoke the compromised refresh token through Google Cloud Console
-
Generate new credentials for affected applications
-
Review and update OAuth scopes to limit access permissions
-
Implement token rotation policies
-
Enable additional security controls like IP restrictions where possible
-
Update any client applications using the compromised token
-