可以在服务器上执行LinkedIn的访问令牌续订流程吗? [英] Can LinkedIn's access token renewal flow be performed on the server?
问题描述
在Facebook的Graph API中,一旦我们初步验证了用户身份,我们就可以直接与API交互(来自服务器)以获取长期的页面访问令牌.此寿命长的页面访问令牌永不过期. ( https://developers.facebook.com/docs/facebook-login/access -tokens/)
In the Facebook's Graph API, once we have initially authenticated the user, we can interact directly with the API (from the server) to obtain a long-lived page access token. This long-lived page access token never expires. (https://developers.facebook.com/docs/facebook-login/access-tokens/)
在阅读LinkedIn的文档时,似乎无法获得带有不确定(未过期)访问令牌的访问令牌.似乎它们每60天过期一次.但是,可以在60天之前刷新这些访问令牌.
In reading LinkedIn's documentation, it appears that it is impossible to obtain an access token with an indefinite (non-expiring) access token. It seems that they expire every 60 days. However, these access tokens can be refreshed before the 60 days is up.
文档中尚不完全清楚的是,是否可以在没有客户端交互的情况下仅在服务器上执行访问令牌更新.该文档的语言表明需要客户端(浏览器)的交互,但是没有明确说明.
What isn't entirely clear from the documentation is whether or not the access token renewal can be performed on the server alone without the client's interaction. The language of the documentation suggests that the interaction of the client (browser) is required, but nothing is explicitly stated.
所以,我的问题是,是否可以仅使用服务器来更新LinkedIn访问令牌,而无需客户端(浏览器)的交互?
So, my question is, is it possible to renew a LinkedIn access token using the server alone, without the interaction of the client (browser)?
相关的LinkedIn参考资料: https://developer.linkedin.com/documents /handling-errors-invalid-tokens
Relevant LinkedIn reference material: https://developer.linkedin.com/documents/handling-errors-invalid-tokens
推荐答案
事实证明,如果不让linkedin用户登录到linkedin,就无法刷新linkedin的访问令牌.请在此处中的第一条评论,其中明确指出了"this refresh will only work if the user is still logged into LinkedIn (authenticated) and the current access token isn't expired. Otherwise, the user will be presented with the login dialog again."
As it turns out, the access tokens of linkedin can not be refreshed without having linkedin user logging in to linkedin. Please refer to the first comment here by LinkedIn employee which clearly states a note that "this refresh will only work if the user is still logged into LinkedIn (authenticated) and the current access token isn't expired. Otherwise, the user will be presented with the login dialog again."
我想对于那些以前将linkedin访问令牌存储到数据库供以后使用的人来说,这是一个主要问题.
I guess that is now a major issue for those who were previously storing the linkedin access tokens to database for later use.
我在这里提到的链接很少,这些链接都涉及刷新linkedin oauth2令牌的问题(希望这对于所有正遇到同一问题的人来说都很清楚):
I am mentioning few links here which refer to the issue with refreshing linkedin oauth2 tokens (hope this makes it clear for everyone who is struggling with the same issue):
1)仅当用户仍登录到LinkedIn(已认证)并且 当前访问令牌尚未过期.否则,将向用户显示登录名 再次对话.
2)无法使用旧的身份验证令牌刷新令牌/秘密.用户 需要登录linkedin才能刷新令牌.我们使用此流程 以最佳方式保护我们的会员及其数据.
5)只要用户登录到LinkedIn且其当前访问令牌为hasn尚未过期,您可以在用户下次访问您的应用程序时获取具有60天使用期限的访问令牌.
这篇关于可以在服务器上执行LinkedIn的访问令牌续订流程吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!