当没有可用的刷新令牌时,如何刷新或撤销 OAuth2.0 访问/refresh_token? [英] how to refresh or revoke OAuth2.0 access/refresh_token, when no refresh token available?
问题描述
我在沙盒环境中工作,试图找出 Chatter API 调用 - 我在测试期间保存了刷新令牌,但稍后它丢失了.
I was working in my sandbox environment trying to figure out the Chatter API calls - I had saved my refresh token during my testing but it was lost sometime later.
现在,当我尝试点击 API 时,我收到以下错误:
Now when I try to hit the API I am receiving the following error:
过期的访问/刷新令牌"
我现在如何解决这个问题?我没有刷新令牌,所以我无法请求刷新我的令牌,而且我不确定如何通过 UI 过期/删除/撤销它,以便我可以继续我的测试.
How do I get around this now? I do not have a refresh token so i cannot make a request to refresh my token, and i'm not sure how to expire / delete / revoke it via the UI so that I can proceed with my testing.
我的 cUrl 调用如下:
my cUrl call is as follows:
curl
--form client_id=3MVG92.u...2KycWe
--form client_secret=668...930
--form grant_type=password
--form username=mike....com
--form password=*#()@*#$@
--proxy 127.0.0.1:3128 --insecure
https://test.salesforce.com/services/oauth2/token
我尝试过的事情:
- 重置我的密码
- 删除远程访问并使用新的 client_id/secret 创建一个新的访问
- 重置我的安全令牌
有谁知道如何通过 Salesforce 中的 API 或 UI 使令牌过期或获取新的刷新令牌?
Does anyone know how to expire the token or get a new refresh token via the API or UI in salesforce?
推荐答案
要从 UI 撤消访问权限,请单击 Salesforce 右上角菜单中的以下内容:你的名字 |设置 |我的个人信息 |个人信息并点击拒绝
To revoke access from the UI, click on the following in the menu at the top right of Salesforce: Your Name | Setup | My Personal Information | Personal Information and clicking Deny
更多信息在这里:https://na12.salesforce.com/help/doc/en/remoteaccess_about.htm
您使用的是什么范围?如果您指定范围(如api"),则需要通过在范围内(空格分隔)指定刷新令牌"来显式请求刷新令牌.关于范围的更多信息在这里:https://na12.salesforce.com/help/doc/en/remoteaccess_oauth_scopes.htm
What scope are you using? If you specify a scope (like 'api'), you'll need to explicitly request a refresh token by also specifying 'refresh token' in your scope (space delimited). More info on scopes here: https://na12.salesforce.com/help/doc/en/remoteaccess_oauth_scopes.htm
与 Google 不同、Salesforce将多次提供刷新令牌,无论用户是否刚刚批准该应用.
Unlike Google, Salesforce will provide the refresh token multiple times, regardless of whether the user has just approved the app or not.
我一直在使用 Google 的 OAuth 游乐场 来解决这个问题.您可以单击右上角的齿轮并指定 Salesforce 服务的值.授权端点:https://login.salesforce.com/services/oauth2/authorize令牌端点:https://login.salesforce.com/services/oauth2/token客户端 ID/秘密:来自远程访问配置中 Salesforce 的消费者"密钥/秘密信息
I've been playing around with this using Google's OAuth playground. You can click the gear at the top right and specify the values for Salesforce's services. Authorization endpoint: https://login.salesforce.com/services/oauth2/authorize Token endpoint: https://login.salesforce.com/services/oauth2/token Client ID/secret: from Salesforce's 'consumer' key/secret info in the Remote access Config
您需要在应用配置中使用https://code.google.com/oauthplayground/"作为回调网址.
You'll need to use 'https://code.google.com/oauthplayground/' as your callback URL in your app configuration.
这篇关于当没有可用的刷新令牌时,如何刷新或撤销 OAuth2.0 访问/refresh_token?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!