Google announced a change to its security policy to increase the account security that includes the OAuth 2.0 token revocation upon password reset.
Google aims to improve users’ security limiting the impact on the usability of its application, at least in this first phase so although initially planned for a wider set of applications, the OAuth 2.0 token revocation rule will be limited to the email mail service.
Source: As of Oct 5, automatic OAuth 2.0 token revocation upon password resetSecurity Affairs
You must log in to post a comment.