Increased account security via OAuth 2.0 token revocation
Blog post from Google Cloud
Google announced a policy change, effective October 5, 2016, that strengthens security for enterprise Gmail users by automatically revoking OAuth 2.0 tokens when a user changes their password. Any application holding a token issued under a Gmail authorization scope loses access at that moment and must obtain fresh consent from the user. Developers are advised to make their applications handle the HTTP 400 and 401 errors that a revoked token produces and to make the re-authorization flow as smooth as possible for users. The policy applies only to mail scopes and does not cover Apps Script tokens; it also brings third-party mobile mail apps into line with the native Gmail apps, which already require re-authorization after a password reset. The change is part of Google's broader effort to apply robust security measures while keeping disruption to end users and administrators to a minimum.
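The error handling the post asks for boils down to telling a merely expired access token (refresh it, retry) apart from a revoked grant (stop, clear stored tokens, send the user back through consent). The following is an added example, not code from the Google Cloud post: it calls the Gmail profile endpoint with a bearer token, refreshes once on a 401, and raises `ReauthorizationRequired` when the token endpoint answers the refresh with 400 `invalid_grant`, which is how Google's token endpoint reports a revoked refresh token. The endpoint URLs and JSON shapes follow Google's public OAuth 2.0 documentation; `FakeTransport`, the token strings and the three scenarios are constructed so the example runs offline.

```python
"""Refresh-or-reauthorize handling for revoked Gmail OAuth 2.0 tokens.

Added example, not code from the Google Cloud post. FakeTransport is a
constructed in-memory stand-in for an HTTP client so the flow runs offline.
"""
from dataclasses import dataclass, field

GMAIL_PROFILE_URL = "https://gmail.googleapis.com/gmail/v1/users/me/profile"
TOKEN_URL = "https://oauth2.googleapis.com/token"


class ReauthorizationRequired(Exception):
    """The grant is gone (e.g. revoked by a password change); only new consent can recover."""


@dataclass
class Tokens:
    access_token: str
    refresh_token: str


@dataclass
class FakeTransport:
    """Constructed fake: which access tokens the API accepts, which refresh tokens still work."""
    valid_access: set = field(default_factory=set)
    live_refresh: dict = field(default_factory=dict)  # refresh_token -> next access token
    refresh_calls: int = 0

    def get(self, url, bearer):
        if url == GMAIL_PROFILE_URL and bearer in self.valid_access:
            return 200, {"emailAddress": "user@example.com"}
        # Shape of the Gmail API's rejection of an expired or revoked access token.
        return 401, {"error": {"code": 401, "message": "Invalid Credentials",
                               "status": "UNAUTHENTICATED"}}

    def post(self, url, form):
        self.refresh_calls += 1
        rt = form.get("refresh_token")
        if url == TOKEN_URL and form.get("grant_type") == "refresh_token" and rt in self.live_refresh:
            new = self.live_refresh[rt]
            self.valid_access.add(new)
            return 200, {"access_token": new, "expires_in": 3599, "token_type": "Bearer"}
        # A revoked refresh token gets HTTP 400 invalid_grant from the token endpoint
        # (error_description text here is constructed).
        return 400, {"error": "invalid_grant",
                     "error_description": "Token has been expired or revoked."}


def refresh_access_token(http, tokens, client_id, client_secret):
    """Exchange the refresh token; raise ReauthorizationRequired if the grant is dead."""
    status, body = http.post(TOKEN_URL, {
        "grant_type": "refresh_token",
        "refresh_token": tokens.refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    if status == 200:
        tokens.access_token = body["access_token"]
        return tokens
    if status == 400 and body.get("error") == "invalid_grant":
        raise ReauthorizationRequired(body.get("error_description", "invalid_grant"))
    raise RuntimeError(f"token endpoint returned {status}: {body}")


def get_profile(http, tokens, client_id, client_secret):
    """Call Gmail; on 401 refresh exactly once and retry; never loop on a dead grant."""
    status, body = http.get(GMAIL_PROFILE_URL, tokens.access_token)
    if status == 200:
        return body
    if status != 401:
        raise RuntimeError(f"Gmail API returned {status}: {body}")
    refresh_access_token(http, tokens, client_id, client_secret)  # may raise
    status, body = http.get(GMAIL_PROFILE_URL, tokens.access_token)
    if status == 200:
        return body
    if status == 401:
        # A freshly minted token that is rejected at once means the grant itself is gone.
        raise ReauthorizationRequired("access token rejected immediately after refresh")
    raise RuntimeError(f"Gmail API returned {status}: {body}")


def simulate(scenario):
    """Run one constructed scenario; returns 'ok', 'refreshed' or 'reauthorize'."""
    http = FakeTransport()
    tokens = Tokens(access_token="at-1", refresh_token="rt-1")
    if scenario == "valid":
        http.valid_access.add("at-1")
        http.live_refresh["rt-1"] = "at-2"
    elif scenario == "expired":            # access token expired, refresh token still good
        http.live_refresh["rt-1"] = "at-2"
    elif scenario == "password_changed":   # both tokens revoked under the 2016 policy
        pass
    else:
        raise ValueError(scenario)
    try:
        get_profile(http, tokens, "client-id", "client-secret")
    except ReauthorizationRequired:
        return "reauthorize"   # caller should drop stored tokens and restart the consent flow
    return "refreshed" if http.refresh_calls else "ok"


if __name__ == "__main__":
    for s in ("valid", "expired", "password_changed"):
        print(s, "->", simulate(s))
```

The single-retry rule matters: an app that blindly retries on 401 will hammer the token endpoint after a password change, while one that treats every 401 as "re-authorize" will pester users for consent whenever an access token simply expires. Only the token endpoint's `invalid_grant` answer (or a 401 on a token it just issued) justifies restarting the consent flow.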