过期后无法刷新令牌 [英] Unable to refresh token after expiration
问题描述
我可以验证并获取 access_token 和相应的 refresh_token 很好(后续 API 交互也很好).
I can authenticate and fetch an access_token and the corresponding refresh_token fine (subsequent API interactions are also fine).
但是,我似乎只能刷新令牌(POST
到 /oauth/token
与 grant_type=refresh_token
)before access_token
实际过期.到期后,相同的刷新代码(与文档中提供的完全相同)返回 invalid_grant
错误.
However, I seem to only be able to refresh a token (POST
to /oauth/token
with grant_type=refresh_token
) before the access_token
actually expires. After the expiration, the same refresh code (exactly that provided within the docs), returns with an error of invalid_grant
.
我使用的是 soundcloud-ruby SDK,FWIW,但我可以通过 curl 重现它.
I am using the soundcloud-ruby SDK, FWIW, but I can reproduce it through curl.
顺便说一句,我发现了一些来自 Google Group 的旧消息,其中提到我可以请求一个不会过期的令牌,但我在文档中的任何地方都没有看到这一点.这仍然是一个可行的选择吗?
As an aside, I found some old messages from the Google Group mentioning that I can request a non-expiring token, but I do not see this mentioned anywhere in the docs. Is this still a viable option?
推荐答案
这是正确的.访问令牌过期后无法使用刷新令牌.
That is correct. Refresh tokens cannot be used after an access token expires.
您可以在构建授权 URL 时通过指定 scope=non-expiring
来请求非过期访问令牌.要使用 Ruby SDK 执行此操作,只需将附加参数传递给 authorize_url
方法:
You can request a non-expiring access token by specifying scope=non-expiring
when constructing an authorization URL. To do this with the Ruby SDK, simply pass the additional params to the authorize_url
method:
require 'soundcloud'
client = Soundcloud.new(
:client_id => 'YOUR_CLIENT_ID',
:client_secret => 'YOUR_CLIENT_SECRET',
:redirect_uri => 'REDIRECT_URI'
)
client.authorize_url(:scope => 'non-expiring')
流程的其余部分应该完全相同(从查询字符串中获取 'code' 参数并向 /oauth2/token
发出 POST
请求).
The rest of the flow should be exactly the same (grab the 'code' parameter from the query string and make a POST
request to /oauth2/token
).
这篇关于过期后无法刷新令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!