Google身份验证总是询问授权，尽管提示没有任何价值 [英] Google authentification always ask authorization despite prompt has no value

问题描述

从Google OAuth连接用户后，如果该用户希望在需要选择其Google帐户的下一个会话期间重新连接，则会再次请求许可.

After having connected a user from Google OAuth, when this one wishes to reconnect during a next session requiring the selection of his google account, the permission is asked again.

根据文档，参数的行为负责授权请求的提示如下:

如果未指定任何值并且用户先前未授权 访问，然后向用户显示一个同意屏幕.

If no value is specified and the user has not previously authorized access, then the user is shown a consent screen.

因此，用户不必重新排列其同意书(通过验证，该应用程序已存在我的授权中).

The user should therefore not have to reorder his consent (with verification, the application is present in my authorizations).

唯一可以想到的答案是关于这个问题的答案:始终与Google登录征得用户同意

The only answer envisaged was the one on this question : login with google always asks user consent

因为我也没有安全的HTTP在本地工作，但他认为存在cookie策略，而事实并非如此.

Because I also work locally without secure HTTP, but he assumes that a cookie policy is present which is not the case.

代码生成URL

/**
 * Create a new OAuth2Client with the credentials previously loads
 */
private getOAuth2() : OAuth2Client {
    return new OAuth2(
        this.credentials.client_secret,
        this.credentials.client_id,
        this.credentials.redirect_uris[0]
    );
}

/**
 * Create connection URL for the given scopes
 * @param scopes
 */
public url(scopes: Array<string>) : string {
    return this.client.generateAuthUrl({
            access_type: "offline",
            scope: scopes
    });
}



// The scope used to generate URL is 'https://www.googleapis.com/auth/youtube.readonly'

// this.client refer to a client which is load by getOAuth2
// and use only for the generation of URL's.

当用户第二次登录时，要获取丢失的刷新令牌，不需要再次同意:

When a user logs in a second time, to obtain a refresh token that has been lost, he or she is not required to give consent again :

这就是发生的问题.

推荐答案

TBH，我不清楚您的问题.但是，我确定您必须处理两个不同的令牌.由于是OAuth，因此一经成功的用户身份验证，您首先会从Google获得访问令牌.

TBH, I didn't understand your problem clearly. But, I'm sure that you must be dealing with two different tokens. As it is OAuth, at first you'll get access token from Google upon successful user authentication.

您应该使用该访问令牌从Google获取用户信息.但是默认情况下，访问令牌具有一些到期时间，超过该时间，用户必须重新授权您的应用程序.我怀疑这就是您的情况.

You're supposed to use that access token to get user information from Google. But by default access token has some expiration time, beyond which the user has to reauthorize your app. I suspect that's what happens in your case.

您可以通过使用刷新令牌来更新访问令牌，当您征得用户的同意后，将获得刷新令牌.

You can renew your access token by making use of refresh token which you'll get when you get consent from the user.

您可以在我写的这篇博客文章中获得详细信息， https://www .syncwithtech.org/authorizing-google-apis/

You can get detailed information in this blog post written by me, https://www.syncwithtech.org/authorizing-google-apis/

我希望这可以对您有所帮助.

I hope this may help you in some way.

这篇关于Google身份验证总是询问授权，尽管提示没有任何价值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！