How to revoke access token from Google Assistant?


Problem description

I'm using the OAuth implicit flow to authorize a Google Assistant user into the system.

The login flow goes like this:

If the user is logging in for the first time, the Assistant redirects them to my service, where the user provides their credentials and logs in. Upon successful login, my service generates a JWT token and sends it back to the Google OAuth endpoint.

Then the user returns to the Google Assistant with a message: "Your account has been linked to Google".

Now, the big problem is,

How can I log out the user once the token expires?

Or how can I revoke the token from Google Assistant so that it will again redirect the user to my service login page for authentication?

Try not to suggest the Authorization Code flow, because the existing architecture does not allow the Authorization flow.

If you need more information then please comment below.

Solution

Found the solution.

You just have to send a 401 Unauthorized code from your webhook. On receiving the 401, Google automatically revokes the token and exits the application.

Then, when the user invokes the app again, the user is asked to re-link his account with Google.

If you have further questions then comment below.
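
An added example, not part of the original answer: a sketch of the webhook-side check that decides when to return the 401 described above. It assumes the JWT is HS256-signed with a key the service holds and carries `sub` and `exp` claims; `SECRET`, `issue_token` and `webhook_status` are hypothetical names, and how the token reaches the webhook is left out.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key held only by the service


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()


def issue_token(sub: str, exp: int) -> str:
    """Build a constructed HS256 JWT, as the login service would after sign-in."""
    head = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps({"sub": sub, "exp": exp}).encode())
    return f"{head}.{body}.{_b64url_encode(_sign(f'{head}.{body}'))}"


def webhook_status(access_token, now=None):
    """Return (HTTP status, subject); 401 for a missing, forged or expired token."""
    now = time.time() if now is None else now
    try:
        head, body, sig = access_token.split(".")
        # Pin the algorithm; never let the token's own "alg" choose the check.
        if json.loads(_b64url_decode(head)).get("alg") != "HS256":
            return 401, None
        if not hmac.compare_digest(_sign(f"{head}.{body}"), _b64url_decode(sig)):
            return 401, None
        claims = json.loads(_b64url_decode(body))
        if now >= claims["exp"]:  # expired: the 401 triggers re-linking
            return 401, None
        return 200, claims["sub"]
    except (AttributeError, ValueError, KeyError, TypeError):
        return 401, None  # malformed input fails closed
```

The signature is verified before the `exp` claim is read, so an expiry time edited by the client is never trusted.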
