首次登录和授权后，Google + OAuth API会存储和检索令牌 [英] Google+ OAuth API store and retrieve tokens after first login and authorization

问题描述

我已经阅读了有关如何使用Google API的文档，示例和教程，已经运行了一个微型应用程序，可以显示您的最新活动和信息，但是我使用会话来存储令牌.

I have read the documentation, examples and tutorials of how to use the Google API, I have a mini-app running already that shows your latest activities and information, but I use sessions to store the token.

我的问题是，如何存储和检索数据库中的令牌，以便当用户(已经注册)单击登录"时，可以立即使用API​​，而无需重复授权?请注意，我以示例作为迷你应用程序的起点.

My question is, how can I store and retrieve the token from the database so that when a user (who has already registered) clicks "login", it can use the API right away without repeated authorization? Note that I used the example as a starting point for my mini-app.

这是一个代码段:

$client = new apiClient();
$client->setApplicationName(APP_NAME);
$client->setClientId(CLIENT_ID);
$client->setClientSecret(CLIENT_SECRET);
$client->setRedirectUri(REDIRECT_URL);
$client->setDeveloperKey(DEV_KEY);

$plus = new apiPlusService($client);
$google_userinfo = new apiOauth2Service($client);

$message = "";

// In a real application this would be stored in a database, and not in the session!
if (isset($_SESSION['token']))
  $client->setAccessToken($_SESSION['token']);

$_SESSION['token'] = $client->getAccessToken();

if (isset($_GET['code'])) {
   $client->authenticate();
  // In a real application this would be stored in a database, and not in the session!
  $_SESSION['token'] = $client->getAccessToken();
  header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
}
...
 //Somewhere here, I added a function that ties $_SESSION['token'] to the user's info.
...
<form action="" method="post" id="form1" name="form1">
   <fieldset>
      <div id="main-url-section" style="width: 50%;margin: 0px auto;text-align: center;">
         <?php
            $authUrl = $client->createAuthUrl();
            print "<p><a class='login' href='$authUrl'>Log me in!</a></p>";
         ?>                                 
      </div>
    </fieldset>
</form>

非常感谢您的帮助！

此致

约翰

推荐答案

如果您希望Google跳过对已授权您应用程序的人员的授权提示，请在顶部的配置块中添加以下代码:

If you'd like Google to skip the authorization prompt for people who have already authorized your application, add this code in your configuration block at the top:

$client->setAccessType("online");
$client-> setApprovalPrompt("auto");

此解决方案有一个陷阱:完成OAuth跳舞后，您将不会收到刷新令牌.这意味着您的用户每次访问令牌到期时都会被重定向到Google的身份验证服务，以获取新的身份验证服务.这大约每小时都会发生一次.

There's one catch with this solution: you will not receive a refresh token when you complete your OAuth dance. This means that your users will be redirected to Google's authentication service every time their access token expires in order to fetch a new one. This will happen roughly every hour.

背景信息

默认情况下，PHP客户端库配置为提供离线访问.您可以在源代码.启用此模式后，OAuth流将产生一个刷新令牌，该令牌可用于请求新的访问令牌如所须.您甚至可能没有注意到这种情况. PHP客户端库为您处理了大部分此类工作.

By default the PHP client library is configured to provide offline access. You can see this in the source code. When this mode is enabled the OAuth flow will yield a refresh token that can be used to request new access tokens as needed. You may not even notice this happening. The PHP client library takes care of most of this for you.

不过，此刷新令牌是有代价的.您负责存储它.如果您丢失了它，则您的用户必须重新授权您的应用程序才能让您获得另一种授权.存储方式很大程度上取决于实现的细节.如果您可以使会话数据足够持久，那么它是一种合理的方法.

This refresh token comes at a cost, though. You are responsible for storing it. If you lose it, your user must re-authorize your application for you to be issued another one. The way you store it depends a lot on the details of your implementation. Session data is a reasonable way to do this if you can make it durable enough.

这篇关于首次登录和授权后，Google + OAuth API会存储和检索令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！