如何使用Google OAuth2 Javascript库获取刷新令牌? [英] How to get the refresh token with Google OAuth2 Javascript library?

问题描述

我正在使用Google OAuth2 Javascript库向用户请求访问令牌.我想将令牌存储在服务器上的数据库中.

I'm using the Google OAuth2 Javascript library to request an access token from users. I want to store the token in a database on the server.

为了能够在令牌到期后访问该用户的数据，我还需要存储刷新令牌.我知道在使用服务器端Google OAuth2库(指定access_type = offline)时该怎么做，但是我需要能够通过客户端Javascript库来做到这一点，并且它不起作用.

To be able to access that user's data after the token expiration, I also need to store the refresh token. I know how to do that when using a server-side Google OAuth2 library (specify access_type=offline), but I need to be able to do it with the client-side Javascript library and it doesn't work.

推荐答案

您不要在客户端中存储刷新令牌！这类似于存储他的用户名和密码.

You do not want to store the refresh token in the client! That would be akin to storing his username and password.

Javascript客户端不支持type = offline，因为那样会暴露刷新令牌.

The Javascript client does not support type=offline, since that would expose the refresh token.

您的选择是:-

1. 生成刷新令牌并将其存储在服务器上
2. 让您的客户端仅在需要时继续请求访问令牌.设置immediate=true，以便与用户之间没有可见的交互

1. Generate and store the refresh token on the server
2. Have your client simply keep requesting access tokens as it needs them. Set immediate=true so there is no visible interaction with the user

这篇关于如何使用Google OAuth2 Javascript库获取刷新令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！