I'm noticing that I constantly get redirected to Google's login screen. Multiple times a day. This is annoying as it distracts me from the problem I'm working on at the moment.

I'm opening this ticket to raise awareness and also record my research.

I suspect the problem is caused by the plugin not refreshing the otherwise short-lived access token. See the discussion in the google-oauth-plugin about this behavior and what the plugin is expected to do. If my hypothesis is correct, I expect others to be seeing the same problem, because we don't get to control how long an access token lives, that's entirely dictated by Google. So plase vote on this issue if you are also affected by this.

Update: I looked at the code briefly and I'm not seeing anything in there that gets affected by the short expiration of an access token. I'm now suspecting this is the lack of "remember me" integration. The authentication established after OAuth gets tied to HTTP session, which has relatively short expiration (30 mins apparently) and unless the user information is remembered by the browser as a cookie (aka "remember me"), it's gonna cause the reauthentication. I'm going to test this theory by first increasing the session timeout in Jetty and if that produces the behaviour I expect. Then I need to refresh myself how the remember me stuff works.

Update: I put the above change in production for one day and indeed that got rid of the problem. So the next step is to integrate Google Loggin with remember me.