Google打包的应用-身份API-removeCachedAuthToken [英] Google packaged app - identity API - removeCachedAuthToken

问题描述

[google chrome 28] 我在打包的应用程序中使用chrome.experimental.identity API，并且getAuthToken可以正常工作-使用get的令牌可以获取用户信息，等等. 我知道身份API正在从实验性迁移到主干，因此从chrome 29开始，我将能够使用chrome.identity并从清单中删除"experimental"权限.

[google chrome 28] I am using chrome.experimental.identity API in a packaged app and getAuthToken works fine - get's token with which I can get user info, etc. I understand that the identity API is moving out from being experimental to the trunk so as from chrome 29 I will be able to use chrome.identity and remove "experimental" permission from my manifest.

问:如果我要注销按钮是removeCachedAuthToken的处理方式?我试图在实验性身份中使用它，但是它什么也没做.

Q: If I want to make a logout button is removeCachedAuthToken the way to go about it? I tried to use it in the experimental.identity but it does nothing.

推荐答案

否.这不是要走的路.

removeCachedAuthToken是从内部令牌缓存中删除使用getAuthToken获取的令牌的功能.但是，它不会撤消令牌.这意味着该应用程序将无法再访问当前会话中的用户资源，直到它再次调用getAuthToken为止.发生这种情况时，它将能够再次获得令牌，而无需用户授予访问权限.

removeCachedAuthToken is a function that removes a token acquired using getAuthToken from the internal token cache. However, it does not revoke the token. That means that the application will no longer be able to access to the user resources in current session, until it calls getAuthToken again. When that happens, it will be able to obtain a token again without the user needing to grant access.

因此，此功能并不意味着是与注销有关的例程.当您意识到应用程序正在使用的访问令牌过时或以任何其他方式无效时，它更像是一种恢复机制.当您使用访问令牌发出请求并且HTTP响应状态为401未经授权时，就会发生这种情况.在这种情况下，您可以废弃令牌，然后使用getAuthToken请求一个新令牌.为了模拟这种行为，您可以使用 Google帐户页面撤销相关的授权或形成诊断UI:chrome: //identity-internals(当前列出所有缓存的令牌).

As such, this function is not meant to be a logout related routine. It is more of a recovery mechanism, when you realize that the access token that your application is using is stale, or invalid in any other way. That happens, when you make a request using the access token and the HTTP response status is 401 Unauthorized. In that case you can scrap the token and then request a new one using getAuthToken. To simulate that behavior, you can revoke the a relevant grant using the Google Accounts page or form the diagnostic UI: chrome://identity-internals (currently it lists all of the cached tokens).

有关GDocs和Identity的信息，请参考 chrome应用程序示例. (以防您在接下来的几天内对GDocs请求114，对Identity请求115.)

Please refer to the chrome app samples for GDocs and Identity. (Pull requests 114 for GDocs and 115 for Identity in case you are doing that in next few days.)

这篇关于Google打包的应用-身份API-removeCachedAuthToken的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！