当Access_token执行时,Google OAuth2 Refresh_token过期 [英] Google OAuth2 Refresh_token expires when Access_token does
问题描述
根据 https://groups.google.com/forum/# !forum/oauth2-dev 讨论现在在这里.
无论我读了多少书,我都无法理解Google OAuth2令牌的工作原理.阅读文档和许多其他地方表明,refresh_token不会过期,并且在access_token过期后才使用.请参阅> https://developers.google.com/accounts/docs/OAuth2WebServer上的官方文档. #refresh
No matter how much reading I do, I can't get my head around how google OAuth2 tokens work. Reading the docs and many other places suggest that a refresh_token doesn't expire, and is used once the access_token expires. See the official docs at https://developers.google.com/accounts/docs/OAuth2WebServer#refresh
但是,实际上,它似乎按照Paul的描述工作(无法刷新令牌过期后),当访问令牌过期时,刷新令牌也会过期.
However, in practice it appears to work as describe by Paul (Unable to refresh token after expiration) that the refresh token expires when the access token expires.
Google工程师能否确认行为正确,因为这似乎是行为和文档不匹配的情况.
Can a Google Engineer please confirm what the correct behavior should be as this appears to be a case of behavior and documentation not matching.
这也使刷新令牌无效.
推荐答案
如果在向https://accounts.google.com/o/oauth2/auth
发出初始请求时请求access_type=offline
,则您将获得刷新令牌以及访问令牌. 在此处记录.
If you request access_type=offline
when making the initial request to https://accounts.google.com/o/oauth2/auth
then you'll get back a refresh token along with the access token. This is documented here.
刷新令牌不会过期,直到用户从帐户明确撤销对它的访问之前->安全->已连接的应用程序和网站" 页面.
The refresh token does not expire, until the user explicitly revokes access to it from the Account -> Security -> "Connected applications and sites" page.
您链接到的另一篇文章似乎与SoundCloud有关,大概在做事上有所不同.
The other post you linked to seems to be related to SoundCloud, which presumably does things a little differently.
这篇关于当Access_token执行时,Google OAuth2 Refresh_token过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!