跑道刷新令牌到期 [英] Podio Refresh token Expiry

问题描述

我正在构建一个允许人们生成简单电子邮件的应用程序 - 所以我想为用户提供即插即用的体验.登录一次，它就可以工作.当您更改 podio 帐户时，将通过 webhooks 触发一封电子邮件

我了解 Podio 移交的 podio 刷新令牌存在 28 天.虽然这最初工作得很好，但 28 天后，我的应用程序将停止为注册 Podio 的用户工作，并希望它能够完美运行.更困难的是，无法确定刷新令牌何时到期以及我何时将获得新的刷新令牌.28 天期限到期前是 1 小时、2 小时还是 3 小时?

要求用户每 28 天登录一次，这样我就可以获得新的刷新令牌听起来不太可行.

所以我的问题是

1) 什么时候为我的用户生成新的刷新令牌

2) 使令牌无效只会使访问令牌无效，而不会使刷新令牌无效.为什么会这样?

我之前在 podio 论坛上看到过类似的问题，但都没有人回答

https://help.podio.com/hc/en-us/community/posts/206669587-Get-new-refresh-token

解决方案

当您请求访问令牌时，您将返回一个 JSON 负载，如下所示:

<预><代码>{访问令牌":访问令牌，"token_type": "承载","expires_in": EXPIRES_IN,refresh_token":REFRESH_TOKEN，范围":GRANTED_SCOPE_STRING，参考":{"类型": "用户",id":用户 ID}}

它有access_token、refresh_token，以及access_token 的有效期.

如果您在没有 SDK/客户端库的情况下直接进行 API 调用，则需要在 access_token 过期时处理它的刷新.为了实现这一点，您可能需要存储您获得访问令牌的时间戳，以及访问令牌请求的响应数据，并在每次 API 调用之前进行比较并确定访问令牌是否已过期.如果令牌已过期，您需要提供现有的 refresh_token 并使用 此 API 调用 并更新商店中的时间戳.

如果您使用的是 SDK，它可能会自动刷新访问令牌(例如 podio-rb、podio-php、podio-net)

I am building an app that allows people to generate simple emails - so I want to give the users a plug and forget experience. Sign in once and it just works.when you make changes to your podio account, a email is triggered via webhooks

I understand that the podio refresh token handed over by Podio exists for 28 days.While this works perfectly fine initially, but after 28 days, my app will stop working for users who signed up with Podio and expect that it works flawlessly. What makes it even more difficult is, there is no way to find out when the refresh token expires and when I will get new refresh token. Will it be 1 hour, 2 hours or 3 hours before the 28 day period expires ?

Asking the user to log in every 28 days, so I can get new refresh token doesn’t sound feasible.

So my question is

1) When is a new refresh token generated for my users

2) Invalidating the token invalidates only the access token not refresh token. why so?

I have seen similar questions on podio forums before but none of them are answered

https://help.podio.com/hc/en-us/community/posts/206669587-Get-new-refresh-token

解决方案

When you request an Access token, what you will get back is a JSON payload like this:

{
  "access_token": ACCESS_TOKEN,
  "token_type": "bearer",
  "expires_in": EXPIRES_IN,
  "refresh_token": REFRESH_TOKEN,
  "scope": GRANTED_SCOPE_STRING,
  "ref":
  {
    "type": "user",
    "id": USER_ID
  }
}

It has the access_token, refresh_token, and how long the access_token is valid.

If you are directly making the API calls without a SDK/client library you need to handle refreshing of access_token when it is expired. To implement that, you may need to store the timestamp you got the access token, and the response data of access token request and do the comparison and determine whether the access token is expired before every API call. If the token is expired you need supply the existing refresh_token and get the new access token details using this API call and update time timestamp in the store.

If you are using an SDK it may have auto-refreshing of access tokens (e.g. podio-rb, podio-php, podio-net)

这篇关于跑道刷新令牌到期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！