Headless用GTMOAuth2SignIn获取令牌 [英] Headless obtain token with GTMOAuth2SignIn
问题描述
我想为我所有的服务方法编写集成测试.这些方法使用OAuth2保护,iOS客户端使用gtm-oauth2库.
I would like to write integration tests for all of my service methods. These methods are secured using OAuth2, and the iOS client is using gtm-oauth2 library.
我可以编写一些代码来从OCUnit测试用例中使用用户名/密码凭据获取访问令牌?
What's some code that I can write to obtain an access token using username/password credentials from within an OCUnit test case?
完成此操作的任何人都可以节省我浏览Google代码的时间吗?
Can anyone who has done this save me the time trawling through Google code?
推荐答案
这是一个分为三个阶段的过程.
It's a three stage process.
首先,忘记用户名和密码.他们会把你引向错误的方向.
First, forget about usernames and passwords. They will lead you in the wrong direction.
在某个离线点,您将需要生成刷新令牌.这将需要一个浏览器会话,因为Google会引导用户进行授权对话.获得刷新令牌后,您可以将其保存或嵌入到测试工具中(假设这是一个虚拟用户,没有值得保护的秘密.您可以将刷新令牌视为用户名和密码的oauth等效项.
At some offline point, you will need to generate a refresh token. This will require a browser session as Google will walk the user through an authorisation dialogue. Once you have the refresh token you can save it or embed it in your test harness (assuming that this is a dummy user with no secrets worth protecting. You can think of the refresh token as the oauth equivalent of username and password if you like.
现在,在测试设置中,您将使用刷新令牌来请求访问令牌.这是对
Now in your test setup, you will use the refresh token to request an access token. That is a simple call to
POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded
client_id=8819981768.apps.googleusercontent.com&
client_secret={client_secret}&
refresh_token=1/6BMfW9j53gdGImsiyUH5kU5RsR4zwI9lUVX-tqf8JXQ&
grant_type=refresh_token
只要用户尚未撤消授予您的应用程序的访问权限,则响应中将包含一个新的访问令牌.这样的请求的响应如下所示:
As long as the user has not revoked the access granted to your application, the response includes a new access token. A response from such a request is shown below:
{
"access_token":"1/fFBGRNJru1FQd44AzqT3Zg",
"expires_in":3920,
"token_type":"Bearer",
}
这些详细信息取自 https://developers.google.com/accounts/docs/OAuth2WebServer#offline
这篇关于Headless用GTMOAuth2SignIn获取令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
