Google API:如何增加访问令牌的到期日期? [英] Google API: How to increase access token expiration date?
问题描述
Google API的有效期为1小时,问题是我正在使用API,以便允许用户使用admin SDK功能(列出组,将成员添加到组等)
Google API expiration date is 1 hour, the problem is that I'm using the API in order allow users to use admin SDK features (List groups, add members to a group etc.)
没有人可以在一小时内完成任何操作,这将要求用户每天多次登录其帐户来管理其组.如果您只想使用Google对用户进行身份验证,则有效期为1小时为好.
No one can do any of that in one hour, that would require users to login to their accounts multiple times per day to manage their groups. A 1 hour expiration date is good if you just want to use Google to authenticate users.
如何增加它或有任何解决方法?我想念什么吗?
How to increase that or is there any work around? Am I missing something?
推荐答案
由于安全原因,您无法更改访问令牌的有效期限.但是,如果您请求,您可以刷新访问令牌,而无需提示用户获得许可脱机访问与令牌关联的范围.
Due to security reasons, you cannot change the duration of the access token's expiry. However, you can refresh an access token without prompting the user for permission if you requested offline access to the scopes associated with the token.
- 如果您使用Google API客户端库,则客户端对象将刷新只要您将该对象配置为脱机访问,就可以根据需要访问令牌.
- 如果您不使用客户端库,则在将用户重定向到Google的OAuth 2.0服务器.在这种情况下,当您交换授权码时,Google的授权服务器会返回刷新令牌. 获取访问令牌.然后,如果访问令牌过期(或在任何其他时间),则可以使用刷新令牌来获取新的访问令牌.
- If you use a Google API Client Library, the client object refreshes the access token as needed as long as you configure that object for offline access.
- If you are not using a client library, you need to set the
access_type
HTTP query parameter tooffline
when redirecting the user to Google's OAuth 2.0 server. In that case, Google's authorization server returns a refresh token when you exchange an authorization code for an access token. Then, if the access token expires (or at any other time), you can use a refresh token to obtain a new access token.
这篇关于Google API:如何增加访问令牌的到期日期?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!