过期后无法刷新令牌 [英] Unable to refresh token after expiration

问题描述

我可以验证并获取 access_token 和相应的 refresh_token 很好(后续 API 交互也很好).

I can authenticate and fetch an access_token and the corresponding refresh_token fine (subsequent API interactions are also fine).

但是，我似乎只能刷新令牌(POST 到 /oauth/token 与 grant_type=refresh_token)before access_token 实际过期.到期后，相同的刷新代码(与文档中提供的完全相同)返回 invalid_grant 错误.

However, I seem to only be able to refresh a token (POST to /oauth/token with grant_type=refresh_token) before the access_token actually expires. After the expiration, the same refresh code (exactly that provided within the docs), returns with an error of invalid_grant.

我使用的是 soundcloud-ruby SDK，FWIW，但我可以通过 curl 重现它.

I am using the soundcloud-ruby SDK, FWIW, but I can reproduce it through curl.

顺便说一句，我发现了一些来自 Google Group 的旧消息，其中提到我可以请求一个不会过期的令牌，但我在文档中的任何地方都没有看到这一点.这仍然是一个可行的选择吗?

As an aside, I found some old messages from the Google Group mentioning that I can request a non-expiring token, but I do not see this mentioned anywhere in the docs. Is this still a viable option?

推荐答案

这是正确的.访问令牌过期后无法使用刷新令牌.

That is correct. Refresh tokens cannot be used after an access token expires.

您可以在构建授权 URL 时通过指定 scope=non-expiring 来请求非过期访问令牌.要使用 Ruby SDK 执行此操作，只需将附加参数传递给 authorize_url 方法:

You can request a non-expiring access token by specifying scope=non-expiring when constructing an authorization URL. To do this with the Ruby SDK, simply pass the additional params to the authorize_url method:

require 'soundcloud'

client = Soundcloud.new(
  :client_id => 'YOUR_CLIENT_ID',
  :client_secret => 'YOUR_CLIENT_SECRET',
  :redirect_uri => 'REDIRECT_URI'
)

client.authorize_url(:scope => 'non-expiring')

流程的其余部分应该完全相同(从查询字符串中获取 'code' 参数并向 /oauth2/token 发出 POST 请求).

The rest of the flow should be exactly the same (grab the 'code' parameter from the query string and make a POST request to /oauth2/token).

这篇关于过期后无法刷新令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！