我可以在后端使用Asana access_token吗? [英] Can I use Asana access_token in the backend?
问题描述
我有一个Angular App作为前端客户端和Rails后端API.我想访问Asana的API,并希望通过Angular App对其进行授权,因此我正在跟踪他们的名为Implicit Grant Flow的OAuth流程.
授权过程后,我得到一个access_token,但是当尝试在邮递员上使用此代码时(为了测试我将在后端实现的API调用),我得到了401,而不是授权代码./p>
有没有办法让用户通过Angular授权,然后将此access_token交换为令牌/代码的永久物,以便在后端进行后续调用?
如果没有,我是否需要在每次访问API时让用户对此进行授权?
编辑
以下是我尝试对邮递员使用access_token的屏幕截图:
注意:我在授权应用后的几分钟内就在Postman上尝试了上述操作,因此我认为令牌仍然有效.
我猜想access_token会在您开始测试之前过期.访问令牌本来应该是短暂的(Asana访问令牌当前会在一小时后过期).如果不是这种情况,您可以张贴您与Postman一起提出的要求(已删除秘密)吗?
如果您希望使用更长寿的授权,则应使用授权代码授予以获取刷新令牌,而不是访问令牌.然后,当您需要访问API时,您可以将刷新令牌交换为临时访问令牌(Asana客户端库将对其进行隐式处理).
I have an Angular App as a front-end client and a Rails back-end API. I'd like to access Asana's API and and would like to authorise it via the Angular App, so I'm following their OAuth process called Implicit Grant Flow.
After the authorisation process I get a access_token but when trying to use this code on Postman (in order to test the API call I'll implement on the back-end) I get an 401, not authorised code.
Is there a way I could get the user to authorise via the Angular and then exchange this access_token for a permanent to token/code to make subsequent calls on the backend?
If not, do I need to get the user to authorise this every time I need to access the API?
EDIT
Here's the screenshot of my attempts to use the access_token with Postman:
NOTE I've tried the above on Postman minutes after I had authorised the the app, so I'd imagine the token would be valid still.
I'd guess that the access_token expires before you get around to testing it. Access tokens are meant to be short-lived (Asana access tokens currently expire after one hour). If this is not the case could you please post the request you are making with Postman (with secrets redacted)?
If you want longer-lived authorizations, you should use the authorization code grant to get a refresh token instead of an access token. You can then exchange the refresh token for temporary access tokens when you need to access the API (the Asana client libraries handle this implicitly).
这篇关于我可以在后端使用Asana access_token吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
