使用Google API JS客户端时如何获取刷新令牌 [英] How to get refresh token while using Google API JS Client

问题描述

我一直在尝试实施一个需要用户授予对Google Analytics(分析)访问权限的应用.我一直在关注本教程:

https://developers.google.com/analytics/solutions/articles/hello-analytics-api

在其他一些地方，有使用相同功能的AngularJs代码L

https://gist.github.com/jakemmarsh/5809963

我的问题是，身份验证工作得很好，但是它不返回refresh_token. 它从不返回refresh_token.我已经尝试了网上所有可能的方法. 1.第一次 2.使用prompt = force等.但是似乎什么也没有返回refresh_token.我想这部分内容会被客户跳过.

我需要知道当用户首次授予访问权限时如何获取refresh_token，以便我可以保存它.

解决方案

它不返回设计的刷新令牌.您提到的教程和代码使用的是用于JavaScript的Google API客户端库.该库使用 OAuth 2.0客户端流来发出需要授权的请求. >

如 OAuth 2.0授权框架所述:

隐式授予类型用于获取访问令牌(不支持发布刷新令牌)，并且已针对已知操作特定重定向URI的公共客户端进行了优化.这些客户端通常是在浏览器中使用脚本语言(例如JavaScript)实现的.

实际上，授权码流是唯一一个发出刷新令牌的流，并且Google在以下情况下支持此流:Web服务器应用程序，已安装的应用程序和有限输入设备上的应用程序，而不是客户端(JavaScript) )应用程序或服务帐户. 从此处获取更多详细信息.

所以您不会以这种方式获得刷新令牌.

I have been trying to implement an app that would need user to grant access to Google Analytics. I have been following this tutorial:

https://developers.google.com/analytics/solutions/articles/hello-analytics-api

And at some other places there is code for AngularJs which uses the same functionL

https://gist.github.com/jakemmarsh/5809963

My problem is, that the auth works pretty well, but it does not return a refresh_token. It never returns a refresh_token. I have tried all the possible available on the web. 1. The first time, 2. Using prompt=force etc etc.. But nothing seems to return the refresh_token. I guess that part is skipped by the client or something.

I need to know how can I get the refresh_token when the user grants access for the first time so that I can save it.

解决方案

It does not return a refresh token as designed. The tutorial and the code you mentioned are using Google APIs Client Library for JavaScript. This library uses the OAuth 2.0 client-side flow for making requests that require authorization.

As The OAuth 2.0 Authorization Framework says:

The implicit grant type is used to obtain access tokens (it does not support the issuance of refresh tokens) and is optimized for public clients known to operate a particular redirection URI. These clients are typically implemented in a browser using a scripting language such as JavaScript.

In fact, The authorization code flow is the only one which issue refresh token, and Google supports this flow in these Scenarios: Web server applications, Installed applications, and Applications on limited-input devices, but not Client-side (JavaScript) applications or Service accounts. Get more details from here.

So you'll not get refresh token in this way.

这篇关于使用Google API JS客户端时如何获取刷新令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！