I'm writing a picture frame app for my grandma on Android that will update automatically with pictures from her Picasa album. (Not that she knows what Picasa is.) The app will log in to Picasa automatically using her registered Google account. (Not that she knows what a Google account is, or that she has one.)

Through much pain and reading erroneous/obscure/contradictory/vague documentation, I am slowly starting to have my app authenticate itself using the default Android Google account. Of course the first time that access is made, I get a notification and I must enter the Google password. I then get an auth token I can use for future requests, so that the picture viewer can happily update its photos without bothering Grandma to enter some password.

The question: how long will it be until my auth token to Picasa will expire? An hour? A day? A week? Will my picture viewer suddenly stop showing pictures to Grandma and ask her to enter her password? The whole point of this exercise is to make things easy for Grandma.

They don't last all that long, but you just call AccountManager.invalidateAuthToken() on a 401 or 403, and then re-call AccountManager.getAuthToken() to get a new token. Grandma only has to say OK once, the first time she runs the app.

info from http://code.google.com/intl/lt/googleapps/faq.html

What is the time to live of an authentication token? Authentication tokens expire after 24 hours. We recommend that you keep the token in memory rather than writing it to a file.