如何使用Laravel管理OAuth刷新令牌? [英] How can I manage OAuth refresh tokens with Laravel?

问题描述

Socialiate插件在Laravel中提供了OAuth的实现，但似乎主要是为了使他们不必在自己的网站上创建用户帐户而设计的.

The Socialiate plugin provides an implementation for OAuth in Laravel, but it seems to be designed for mostly for the purpose of allowing them to not have to make a user account on your own site.

我正在制作一个有助于管理其YouTube帐户的应用程序，这意味着auth请求的范围更广(很容易更改)，但我还需要刷新令牌(相对于访问令牌)才能进行长期访问到他们的帐户.

I am making an application that helps manage their Youtube account, meaning the scope of the auth request is broader (which was easy to change) but I also need a refresh token (versus just an access token) for long-term access to their account.

Laravel是否已经有处理此问题的软件包?我一直找不到，但是也许我在寻找错误的东西.

Is there a package out there for Laravel that already handles this? I haven't been able to find one, but maybe I'm searching for the wrong thing.

如果没有，我应该如何处理?当我编写与Youtube API进行交互的代码时，是否只需要检查访问令牌是否已过期，如果是，编写一个执行HTTP请求以使用存储在服务器中的刷新令牌来获取新请求的函数.数据库?而且我想还可以扩展Socialite来检索刷新令牌?

If not, how should I approach this? When I write my code that interacts with Youtube's API, do I simply need to check whether the access token is expired, and if so, write a function that does an HTTP request to get a new one with the refresh token I have stored in the database? And I guess also extend Socialite to retrieve a refresh token?

我觉得必须有一种更好的方法，而无需我重新发明轮子.

I feel like there's got to be a better way that doesn't involve me re-inventing the wheel.

推荐答案

自上次访问此问题以来已经有一段时间了，看到这是Google的第一个结果，我想说:这是现在可以使用Socialite.

It's been a while since this question was last visited, and seeing that it is the first Google result, I'd like to say: This is now possible with Socialite.

将用户重定向到Google时，在重定向时，使用with()方法将access_type设置为offline，例如:

When you redirect your users to Google, set access_type to offline with the with() method when redirecting, like this:

    return Socialite::driver('google')
        ->scopes() // For any extra scopes you need, see https://developers.google.com/identity/protocols/googlescopes for a full list; alternatively use constants shipped with Google's PHP Client Library
        ->with(["access_type" => "offline", "prompt" => "consent select_account"])
        ->redirect();

这将使Google返回刷新令牌.

This will make Google return a refresh token.

这篇关于如何使用Laravel管理OAuth刷新令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！