Twitter oauth 刷新令牌 [英] Twitter oauth refresh token
问题描述
我已经观看了一些关于使用 oauth 进行身份验证的视频,并且已经开始进行身份验证部分,但我有以下问题.
I have watched some videos on authenticating using oauth and have gotten the authentication part going but I have the following of questions.
Q1- 访问令牌会过期吗?
Q1- Do access tokens expire?
Q2 - 一旦 twitter 访问令牌过期,我是否必须让用户完成整个用户身份验证过程(用户再次对应用程序进行身份验证)?
Q2 -Do I have to make the user go through the whole user authentication process (with user authenticating the app again) once the twitter access token expires?
Q3-一旦我们拥有访问令牌,是否可以离线访问用户的内容
Q3-Is offline access to user's content possible once we have the access token
好的,只是为了提供更多背景信息,这就是我的场景.基本上,我们的移动应用程序希望与 twitter 集成,并且它有一个服务器端需要咀嚼用户的 twitter 提要.这就是我们正在考虑这样做的方式.一旦用户使用移动平台对我们的应用程序进行身份验证,我们希望将此用户访问令牌存储在我们的服务器中,定期轮询他的提要,并对他的提要进行一些数据咀嚼.为此,我们需要
Ok so just to give some more context this is the scenario I have. Basically our mobile app is looking to integrate with twitter and there is a server side to it which needs to munch user's twitter feeds. And this is how we are thinking of doing it. Once the user authenticates our app using the mobile platform, we want to store this user access token in our server, poll his feeds at regular intervals and do some data munching on his feeds. For that we need
-离线访问用户数据- 如果前一个访问令牌最好在服务器端过期,则无需用户干预即可获得新的访问令牌.
-Offline access to user's data -Get a new access token without user's intervention if the previous one expires preferrably on the server side.
我们不想让用户再次验证我们的应用程序.
We don't want to have to go through user authenticating our app again.
推荐答案
OAuth 2 规范的编写方式使得过期的访问令牌成为受支持的用例.例如,在 http://tools.ietf.org/html/rfc6749 中搜索过期".
The OAuth 2 spec is written in such a way that expired access tokens are a supported use case. Search for "expire" in http://tools.ietf.org/html/rfc6749 for example.
也就是说,Twitter OAuth 常见问题指出:
我们目前不会使访问令牌过期.如果用户从他们的设置中明确拒绝了您的应用程序,或者 Twitter 管理员暂停了您的应用程序,您的访问令牌将无效.如果您的申请被暂停,您的申请页面上会显示一条说明已暂停.
We do not currently expire access tokens. Your access token will be invalid if a user explicitly rejects your application from their settings or if a Twitter admin suspends your application. If your application is suspended there will be a note on your application page saying that it has been suspended.
澄清一下,Twitter 对 OAuth 的使用比 Facebook 或 Google 的要简单得多.有关详细信息和进一步帮助,Google 是您的朋友.;-)
To clarify, Twitter's use of OAuth is much more basic than Facebook's or Google's. For details and further help, Google is your friend. ;-)
这篇关于Twitter oauth 刷新令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
