当Access_token执行时，Google OAuth2 Refresh_token过期 [英] Google OAuth2 Refresh_token expires when Access_token does

问题描述

根据 https://groups.google.com/forum/# ！forum/oauth2-dev 讨论现在在这里.

无论我读了多少书，我都无法理解Google OAuth2令牌的工作原理.阅读文档和许多其他地方表明，refresh_token不会过期，并且在access_token过期后才使用.请参阅> https://developers.google.com/accounts/docs/OAuth2WebServer上的官方文档. #refresh

No matter how much reading I do, I can't get my head around how google OAuth2 tokens work. Reading the docs and many other places suggest that a refresh_token doesn't expire, and is used once the access_token expires. See the official docs at https://developers.google.com/accounts/docs/OAuth2WebServer#refresh

但是，实际上，它似乎按照Paul的描述工作(无法刷新令牌过期后)，当访问令牌过期时，刷新令牌也会过期.

However, in practice it appears to work as describe by Paul (Unable to refresh token after expiration) that the refresh token expires when the access token expires.

Google工程师能否确认行为正确，因为这似乎是行为和文档不匹配的情况.

Can a Google Engineer please confirm what the correct behavior should be as this appears to be a case of behavior and documentation not matching.

这也使刷新令牌无效.

推荐答案

如果在向https://accounts.google.com/o/oauth2/auth发出初始请求时请求access_type=offline，则您将获得刷新令牌以及访问令牌. 在此处记录.

If you request access_type=offline when making the initial request to https://accounts.google.com/o/oauth2/auth then you'll get back a refresh token along with the access token. This is documented here.

刷新令牌不会过期，直到用户从帐户明确撤销对它的访问之前->安全->已连接的应用程序和网站" 页面.

The refresh token does not expire, until the user explicitly revokes access to it from the Account -> Security -> "Connected applications and sites" page.

您链接到的另一篇文章似乎与SoundCloud有关，大概在做事上有所不同.

The other post you linked to seems to be related to SoundCloud, which presumably does things a little differently.

这篇关于当Access_token执行时，Google OAuth2 Refresh_token过期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！