Google OAuth:无法使用授权码获取刷新令牌 [英] Google OAuth: can't get refresh token with authorization code
问题描述
我使用Google API Client for Google Analytics和OAuth 2.0
我读了这个来获取刷新令牌,但没有出现: https://developers.google.com/identity/protocols/OAuth2WebServer#offline
我只拿到这个:
{
access_token: ya29.twHFi4LsiF-AITwzCpupMmie-fljyTIzD9lG8y_OYUdEGKSDL7vD8LPKIqdzRwvoQAWd,
token_type:Bearer,
expires_in:3599,
id_token:非常长的字符串
}
以下是代码:
Javascript(获得授权码):
gapi.analytics .ready(function(){
gapi.analytics.auth.authorize({
container:'embed-api-auth-container',
clientid:'257497260674-ji56vq885ohe9cdr1j6u0bcpr6hu7rde .apps.googleusercon tent.com',
});
gapi.analytics.auth.on('success',function(response){
var code = response.code;
$ .ajax({
url :getTokensFromCode.php,
method:GET,
data:{
code:code
},
success:function(tokens){
//我不能在这里获取刷新标记,只获取access_token和id_token
console.log(标记);
}
});
});
});
PHP(用于交换令牌的授权码):
//我在Javascript中获得授权码
$ code = $ _GET ['码'];
$ redirectURI =postmessage;
$ client = new Google_Client();
$ client-> setClientId($ clientID);
$ client-> setClientSecret($ clientSecret);
$ client-> setRedirectUri($ redirectURI);
$ client-> addScope(Google_Service_Analytics :: ANALYTICS_READONLY);
$ client-> setAccessType('offline');
$ client-> setApprovalPrompt('force');
$ client-> authenticate($ code);
$ tokens = $ client-> getAccessToken();
echo $ tokens;
我需要JavaScript中的刷新标记,这就是为什么我在Javascript中获得授权代码并创建Ajax请求获取刷新令牌。
您只会获得 refresh_token 用户第一次授予访问您的应用的权限。您需要将refresh_token存储在某个地方,以便以后可以使用它。在用户下次登录您的应用程序时,您将不会获得新的刷新令牌。
$ b FWIW:在Javascript客户端中使用刷新令牌不会产生因为Javascript客户端无法以安全(保密)的方式存储它,所以很有意义。由于Javascript客户端位于浏览器中,并且用户位于浏览器中,因此您可以重新将浏览器重定向到授权端点,并且您将获得新的访问令牌(这也是刷新令牌的用途)。 Google用户的SSO会话将确保用户不需要再次登录,并且体验无缝。
I am using Google API Client for Google Analytics with OAuth 2.0
I read this to get the refresh token but it doesn't appears: https://developers.google.com/identity/protocols/OAuth2WebServer#offline
I only get this instead:
{
"access_token": "ya29.twHFi4LsiF-AITwzCpupMmie-fljyTIzD9lG8y_OYUdEGKSDL7vD8LPKIqdzRwvoQAWd",
"token_type": "Bearer",
"expires_in": 3599,
"id_token": "very long string"
}
Here is the code:
Javascript (to get the Authorization Code): that works
gapi.analytics.ready(function() {
gapi.analytics.auth.authorize({
container: 'embed-api-auth-container',
clientid: '257497260674-ji56vq885ohe9cdr1j6u0bcpr6hu7rde.apps.googleusercontent.com',
});
gapi.analytics.auth.on('success', function(response) {
var code = response.code;
$.ajax({
url: "getTokensFromCode.php",
method: "GET",
data: {
"code": code
},
success: function (tokens) {
// I can't get refresh token here, only get "access_token" and "id_token"
console.log(tokens);
}
});
});
});
PHP (to exchange Authorization Code for tokens): that doesn't work
// I get the authorization code in Javascript
$code = $_GET['code'];
$redirectURI = "postmessage";
$client = new Google_Client();
$client->setClientId($clientID);
$client->setClientSecret($clientSecret);
$client->setRedirectUri($redirectURI);
$client->addScope(Google_Service_Analytics::ANALYTICS_READONLY);
$client->setAccessType('offline');
$client->setApprovalPrompt('force');
$client->authenticate($code);
$tokens = $client->getAccessToken();
echo $tokens;
I need the refresh token in Javascript, that's why I get the authorization code in Javascript and make an Ajax request to get the refresh token.
You will only get the refresh_token the very first time that a user grants access to your app. You'll need to store the refresh_token somewhere to be able to use it afterwards. You won't get a new refresh token the next time a user logs in to your app.
FWIW: using a refresh token in a Javascript client doesn't make a lot of sense since a Javascript client can't store it in a safe (confidential) way. Since Javascript clients live in browsers and users are present in browsers, you can just redirect the browser to the authorization endpoint again and you'll get a new access token (which is also the purpose of a refresh token). The SSO session for the user at Google will make sure that the user doesn't need to login again and that the experience is seamless.
这篇关于Google OAuth:无法使用授权码获取刷新令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
