请求刷新令牌失败.在令牌存储中找不到刷新令牌 [英] Requesting refresh token fails.No refresh tokens were found in the token store

问题描述

我正试图从App Services获取Google的刷新令牌，但不能.

I'm trying to get refresh token for Google from App Services,but I can't.

日志说

2016-11-04T00:04:25 PID [500]详细收到的请求:GET https下载详细的OpenID配置://accounts.google.com/.well-known/openid-configuration

2016-11-04T00:04:25 PID[500] Verbose Received request: GET https://noteappsvr.azurewebsites.net/.auth/login/google?access_type=offline 2016-11-04T00:04:25 PID[500] Verbose Downloading OpenID configuration from https://accounts.google.com/.well-known/openid-configuration

2016-11-04T00:04:25 PID [500]从详细下载OpenID颁发者密钥https://www.googleapis.com/oauth2/v3/certs

2016-11-04T00:04:25 PID[500] Verbose Downloading OpenID issuer keys from https://www.googleapis.com/oauth2/v3/certs

2016-11-04T00:04:25 PID [500]信息重定向:

2016-11-04T00:04:25 PID[500] Information Redirecting: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=299597639...04000925%26redir%3D&access_type=offline

2016-11-04T00:05:17 PID [500]详细收到的请求:GET https://noteappsvr.azurewebsites.net/.auth/login/google/callback?state=nonce%3D5656e1dd...&prompt=none

2016-11-04T00:05:17 PID[500] Verbose Received request: GET https://noteappsvr.azurewebsites.net/.auth/login/google/callback?state=nonce%3D5656e1dd...&prompt=none

2016-11-04T00:05:17 PID [500]详细调用到外部HTTP端点POST https://www.googleapis.com/oauth2/v4/token .

2016-11-04T00:05:17 PID[500] Verbose Calling into external HTTP endpoint POST https://www.googleapis.com/oauth2/v4/token.

2016-11-04T00:05:18 PID [500]信息已完成"xxxxx@gmail.com"的登录.提供商:"google".

2016-11-04T00:05:18 PID[500] Information Login completed for 'xxxxx@gmail.com'. Provider: 'google'.

2016-11-04T00:05:18 PID [500]详细写站点'noteappsvr.azurewebsites.net'的'AppServiceAuthSession'cookie.长度:728.

2016-11-04T00:05:18 PID[500] Verbose Writing 'AppServiceAuthSession' cookie for site 'noteappsvr.azurewebsites.net'. Length: 728.

2016-11-04T00:05:18 PID [500]信息重定向:

2016-11-04T00:05:18 PID[500] Information Redirecting: https://noteappsvr.azurewebsites.net/.auth/login/done#token=%7B%22authenti...d6ffa9924e5%22%7D%7D

2016-11-04T00:05:50 PID [500]详细收到的请求:GET https://noteappsvr.azurewebsites.net/.auth/refresh

2016-11-04T00:05:50 PID[500] Verbose Received request: GET https://noteappsvr.azurewebsites.net/.auth/refresh

2016-11-04T00:05:50 PID [500]详细的JWT验证成功.主题:"sid:4fd4f6 ..."，发行者:" https://noteappsvr.azurewebsites.net/".

2016-11-04T00:05:50 PID[500] Verbose JWT validation succeeded. Subject: 'sid:4fd4f6...', Issuer: 'https://noteappsvr.azurewebsites.net/'.

2016-11-04T00:05:50 PID [500]警告sid:4fd4f6 ...发出的刷新请求失败，因为在令牌存储中未找到刷新令牌.

2016-11-04T00:05:50 PID[500] Warning The refresh request issued by sid:4fd4f6... failed because no refresh tokens were found in the token store.

2016-11-04T00:05:50 PID [500]信息发送响应:403.80禁止

2016-11-04T00:05:50 PID[500] Information Sending response: 403.80 Forbidden

令牌存储中似乎没有刷新令牌，但是为什么呢?我已经在门户网站上启用了令牌存储设置.

There seem to be no refresh tokens in token store,but why? I turned on token store setting on portal already.

推荐答案

如果Google检测到它已经为您的用户提供了刷新令牌，那么除非您明确提示用户同意，否则它不会提供其他刷新令牌.您可以通过在登录URL中添加 prompt = consent 查询字符串参数来实现.就您而言， https://noteappsvr.azurewebsites.net/.auth/login/google?access_type=offline&prompt=同意

If Google detects that it has already given your user a refresh token, then it will not give additional refresh tokens unless you explicitly prompt the user for consent. You can do this by adding the prompt=consent query string parameter to the login URL. In your case, https://noteappsvr.azurewebsites.net/.auth/login/google?access_type=offline&prompt=consent

尝试一下，看看是否可以恢复Google刷新令牌.

Try this and see if that restores the Google refresh token.

有关此行为的Google文档可在此处(在HTTP/REST标签下)找到: https://developers.google.com/identity/protocols/OAuth2WebServer#offline

Google documentation on this behavior can be found here (under the HTTP/REST tab): https://developers.google.com/identity/protocols/OAuth2WebServer#offline

重要:当您的应用程序收到刷新令牌时，存储该刷新令牌以供将来使用很重要.如果您的应用程序丢失了刷新令牌，则在获取另一个刷新令牌之前，它必须重新提示用户同意.如果您需要重新提示用户同意，请在授权代码请求中包含提示参数，然后将值设置为同意.

Important: When your application receives a refresh token, it is important to store that refresh token for future use. If your application loses the refresh token, it will have to re-prompt the user for consent before obtaining another refresh token. If you need to re-prompt the user for consent, include the prompt parameter in the authorization code request, and set the value to consent.

在正常使用情况下，刷新令牌不应丢失.如果您看到丢失的情况，请告诉我.

In normal usage, the refresh token should not be lost. Let me know if you are seeing a case where it does get lost.

这篇关于请求刷新令牌失败.在令牌存储中找不到刷新令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！