使用OAuth.io从Google获取刷新令牌 [英] Getting refresh tokens from Google with OAuth.io
问题描述
我正在尝试从OAuth.io获取任何基于Google的提供商的访问令牌,但是,每当我进行身份验证时,我都会获得一个access_token但没有refresh_token.我为access_type选择了脱机,但仍然不满意.
I am trying to get access tokens from OAuth.io for any Google based provider however whenever I authenticate I get an access_token but no refresh_token. I have chosen offline for the access_type but still no joy.
我尝试浏览文档以寻找解决方案,但它几乎没有涵盖与刷新令牌相关的所有内容.
I have tried looking through the documentation for a solution but it barely covers anything related to the refresh token.
推荐答案
要从Google获取刷新令牌,您需要做两件事:
To get the refresh token from Google, you need 2 things:
The offline option cf https://developers.google.com/accounts/docs/OAuth2WebServer
可用于获取新访问令牌的令牌.刷新令牌在用户撤销访问之前一直有效.仅当授权码请求中包含access_type = offline时,此字段才存在."
"A token that may be used to obtain a new access token. Refresh tokens are valid until the user revokes access. This field is only present if access_type=offline is included in the authorization code request."
选项rovaling_prompt设置为强制" cf https://developers.google.com/accounts/docs/OAuth2WebServer
The option approval_prompt set to "force" cf https://developers.google.com/accounts/docs/OAuth2WebServer
重要提示:当您的应用程序收到刷新令牌时,存储该刷新令牌以供将来使用非常重要.如果您的应用程序丢失了刷新令牌,则在获得另一个刷新令牌之前,它必须重新提示用户同意. .如果您需要重新提示用户同意,请在授权代码请求中包括rovaling_prompt参数,并将其值设置为force."
"Important: When your application receives a refresh token, it is important to store that refresh token for future use. If your application loses the refresh token, it will have to re-prompt the user for consent before obtaining another refresh token. If you need to re-prompt the user for consent, include the approval_prompt parameter in the authorization code request, and set the value to force."
所以您的脚本应该看起来像
so your script should look something like
OAuth.popup('google', {
authorize: {
approval_prompt: 'force'
}
}).then(function(google) {
console.log(google.refresh_token)
//send the refresh token to your server
})
如果您正在使用客户端(Javascript/iOS/Android/Phonegap),则可能还需要激活以下选项:OAuth.io仪表板中的Send refresh token to front-end>常规>高级选项以允许您的客户端SDK检索刷新令牌
If you are working client-side (Javascript / iOS / Android / Phonegap), you may also need to activate the following option: Send refresh token to front-end in the OAuth.io dashboard > General > advanced option to allow your client side SDK to retrieve the refresh token
https://jsfiddle.net/Lqyc5jpw/
这篇关于使用OAuth.io从Google获取刷新令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
