Tokens are created, for example, when you login to third party services with your Google or Google+ account using OAuth, share your Gmail contacts, allow web apps to view your Google Reader subscriptions, sync your Chrome OS or browser data, use Android (phone and certain apps), or use/link any of Google's many services or APIs (Keep, YouTube, Picasa, Drive, Calendar, etc.)
The error message received is usually unclear and varies greatly from each service. You may receive an incorrect password message (the most confusing of all), be unable to connect and see a blank screen, or be told you have too many active tokens (google_too_many_active_tokens). If you have these types of problems while logging in with your Google account email and password to any service, site, or app you can usually rectify it by releasing some account tokens.
Follow these steps to remove authorized connections (tokens) from your Google account:
- Go to the Manage Access to Connected Applications and Sites page (slow to load sometimes)
- Click the "Revoke Access" button next to the connections you want to remove
- Find services you no longer use and remove (it is good to do this anyway)
- Remove some "Sign in using your Google account" items
Google would not comment on the number of tokens allowed and I don't know if the limits are service specific. The only text I could find regarding a limit is "there are limits... per user across all clients" on the OAuth 2.0 page. Based on my account I believe the limit to be around 500 tokens. A lot of people may never have this problem, but for people like me that enjoy trying new apps, websites, and services you may hit the upper limit after a while.