This article explains the OWIN OAuth 2.0 Authorization and how to implement an OAuth 2.0 Authorization server using the OWIN OAuth middleware. The token will be valid for a number of seconds defined in the authentication response.

OAuth 2.0 (or simply put OAuth) is an Authorization framework – when a user requests access to a resource from a Service Provider (without providing their credentials) and is authorized by an Identity Provider (IdP) to access the resource i.e.

You can request new access tokens until the refresh token is blacklisted. For more detail, refer to the v2.0 token reference.

OAuth2 requires the use of HTTPS for communication between the client and the authorization server because of sensitive data passing between the two (tokens and possibly resource owner credentials).

(not recommended)

    request = google.auth.transport.requests.Request()
    credentials.refresh(request)
    access_token = credentials.token

Authenticate with an access token

To send authenticated requests to the Realtime Database REST API, pass the Google OAuth2 access token generated above as the Authorization: Bearer header or the access_token=