Google oAuth2令牌越来越无效 [英] Google oAuth2 tokens invalidated more and more
问题描述
我有一个基于oAuth2构建的Web应用程序,该应用程序已经投入生产5年以上.用户向Google进行身份验证和授权,并向我的应用授予对Google Analytics(分析)数据的访问权限.
I have a web app built on oAuth2 that has been in production for 5+ years. Users Authenticate and Authorize with Google and grant my application access to the Google Analytics data.
突然,当刷新用户的oAuth2令牌时,我看到失败数量激增.这是电话: https://accounts.google.com/o/oauth2/token
All of a sudden I am seeing a surge in failures when refreshing my users oAuth2 tokens. This is the call: https://accounts.google.com/o/oauth2/token
传递以下参数: client_id = xxyyzz client_secret = xxyyzz grant_type =刷新令牌 refresh_token = xxyyzz
Passing these parameters: client_id=xxyyzz client_secret=xxyyzz grant_type=refresh_token refresh_token=xxyyzz
这似乎是由于活跃度较低的帐户(即,在我们代表他们打电话的实例之间,可能需要15天以上的时间).我必须与他们联系,让他们对Google进行重新授权",以使事情正常进行.
This seems to be be on accounts that are less active (i.e. it could be 15+ days between instances where we make calls on their behalf). I have to reach out to them and have them "ReAuthorize" against Google to get things working.
1)最近使用Google oAuth2或GA Core Reporting API发生了什么变化?
1) Did something recently change with Google oAuth2 or the GA Core Reporting API?
2)如果访问令牌在一段时间后没有刷新,我的刷新令牌会失效吗?即即使我认为我不需要这些数据也应该打电话给所有帐户;只是为了防止刷新令牌过时?
2) If access tokens are not refreshed after some time period will my refresh token become invalid? i.e. should I make calls against all accounts even thought I don't need the data; just to keep the refresh token from going stale?
谢谢, 马克.
更新范围 有人要求在这里提供作用范围: https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/analytics.readonly
Update on Scope It was requested to provide the scopes in play here: https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/analytics.readonly
推荐答案
2016年11月17日更新:
11/17/2016 Update:
我们确实发现了导致某些令牌被清除的问题.我们正在努力确保不会再次发生.不幸的是,无法恢复已删除的令牌,您的用户将不得不再次重新授权.
We did find an issue that resulted in some tokens being purged. We are working on to make sure it doesn't happen again. Unfortunately there is no way to restore the tokens that were deleted and your users will have to reauthorize again.
2016年11月11日更新:
11/11/2016 update:
我们正在积极调查此问题.您应该要求您的用户重新授权该应用程序.
We are actively investigating the issue. You should ask your users to re-authorize the application.
(来自Google Identity/Auth团队)我们将对此进行更多调查,以确保我们的系统能够按预期运行.除了更改密码的令牌吊销(在特定范围内)外,我们还没有更改令牌吊销策略.
(from Google Identity/Auth team) We would like to investigate this a bit more to make sure our system is working as intended. Other than the token revocation (with certain scopes) on password change, we haven't changed the token revocation policy.
您能通过我的Google+个人资料ping我吗?
Would you please ping me via my G+ profile?
这篇关于Google oAuth2令牌越来越无效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
