Google Marketplace - 安装应用程序和访问令牌 [英] Google Marketplace - Installing application and access tokens

问题描述

尝试测试我的市场应用程序的安装过程.Google 文档说我可以使用控制台中的测试安装流程"按钮来测试安装过程.当我单击该按钮时，会看到授权对话框，然后单击接受.该对话框已关闭，应用程序已安装在我正在测试的域上.

问题:我是否应该在此安装过程中的某个时刻获取和存储 refresh_token?

有一个

摘自上述网址:

如果用户允许访问，授权服务器将返回授权码.它可以由 Google 服务器调用由您的应用程序打开的 Web 服务端点发送回，也可以在发送回浏览器的页面标题中发送.由于在后台运行 Web 服务器、通过任何可能的防火墙打开连接等方面的挑战……安装的应用程序更容易从结果网页的标题中简单地刮取授权代码.这就是示例项目中使用的技术.如果成功，标题将设置为成功代码=xxxxxxxxx，其中 xxxx 将被唯一的授权代码替换.

授权码只会让您受邀参加聚会.就 API 访问而言，您无法使用该代码执行任何操作.授权码必须换成短期访问码和长期更新码.在 Google.Apis.Authentication.OAuth2 库中有一个名为 NativeApplicationClient 的类.这是授权服务器的包装器，它有一个名为ProcessUserAuthorization"的方法.该方法将我们在用户授权应用程序访问后检索到的授权码转化为访问令牌和刷新令牌.访问令牌是我们手头任务实际需要的，它在 NativeApplicationClient 中维护.它与所有后续 API 调用一起传递.NativeApplicationClient 的好处在于它知道如何验证访问令牌以及令牌的年龄.如果令牌已过期，客户端将使用刷新令牌来获取新的访问令牌.这减轻了我们管理令牌生命周期的负担.

Trying to test installation process for my marketplace application. Google documentation says that I can test installation process by using Test Install Flow button in the console. When I click on that button, I see the authorization dialog and I click accept. The dialog is closed and app is installed on the domain I am testing.

Question: Should I be getting and storing a refresh_token at some point in this installation process?

There is an Install URL that I can specify in Drive SDK but I can't find documentation about when Google posts to this install URL and what gets posted.

解决方案

Here is a project which shows you how to do just that:

Checkout the section called: Cached Credentials

http://www.codeproject.com/Articles/488185/Working-with-Google-Drive-in-WPF

Excerpt from the above URL:

Provided the user allows access, the authorization server will return the authorization code. It can be sent back either by the Google server calling a web service endpoint opened by your application or in the title of the page sent back to the browser. Because of the challenges of spooling up a web server, opening a connection through any possible firewall(s), etc... it is much easier for installed applications to simply scrape the authorization code from the title of the resulting web page. That is the technique used in the sample project. If successful, the title will be set to Success code=xxxxxxxxx where the xxxx's are replaced by a unique authorization code.

The authorization code only gets you invited to the party. You can't do anything with that code as far as API access. The Authorization Code must be exchanged for a short-lived access code and a long-term refresh code. In the Google.Apis.Authentication.OAuth2 library is a class called NativeApplicationClient. This is the wrapper for the authorization server and it has a method called 'ProcessUserAuthorization'. This method takes the authorization code we retrieved after the user authorized the application's access and turns it into the access token and the refresh token. The access token is what we actually need for the task at hand and it is maintained in the NativeApplicationClient. It gets passed with all subsequent API calls. The nice thing about the NativeApplicationClient is that it knows how to verify the access token and how old the token is. If the token has expired, the client will use the refresh token to get a new access token. That takes the burden off of us to manage token lifetimes.

这篇关于Google Marketplace - 安装应用程序和访问令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！