由于几天刷新令牌已自动过期 [英] Since couple of days Refresh token has been automatically expired
问题描述
- 我们在 Google API 控制台有 Google OAuth2 Web 客户端
- 在 Oauth Web 客户端的帮助下,我们为每个用户获取刷新令牌(通过使用 Web 身份验证和音乐会屏幕)
- 我们将收到的刷新令牌存储到数据库中,并且系统使用此用户特定的刷新令牌来代表登录用户自动创建 Google 日历事件(我们有大约 1000 个用户)
问题:几天后刷新令牌已自动过期并出现以下错误.
{错误":invalid_grant",error_description":令牌已过期或撤销."}
当用户重新注册系统收到新的刷新令牌并且一切再次开始工作时,但是一段时间后(不确定,但在不到一两天内)他们又开始收到令牌已过期或撤销错误.
刷新令牌是否有任何限制?使用相同的 API 客户端获取刷新令牌是否有任何限制?(我们有个人 1000 个 Gsuit 或 Gmail 用户使用他们的个人 Gmail 或 Gsuit 帐户单独注册了刷新令牌)是否有任何 API 更改以获得长效刷新令牌?
问候,DP
您的问题
<块引用>刷新令牌是否有任何限制?
您可以授权用户并获得刷新令牌,然后再次授权同一用户并获得第二个刷新令牌.用户现在有两个未完成的刷新令牌并且都可以工作.您最多可以执行此操作五十次,并为此用户拥有五十个未完成的刷新令牌.一旦你再做一次,第一个就会过期.
您可以为一个用户拥有五十个常设刷新令牌,因此如果您要重新授权它们,请确保使用最新的刷新令牌替换存储在数据库中的令牌.
<块引用>使用相同的 API 客户端获取刷新令牌是否有任何限制?(我们有 1000 个 Gsuit 或 Gmail 用户,他们使用个人 Gmail 或 Gsuit 帐户单独注册了刷新令牌)
您的客户可以授权任意数量的用户.您的系统可以拥有的用户数量没有限制.
<块引用>是否有任何 API 更改以获得长效刷新令牌?
我不知道
错误信息
这里可能会发生一些事情.
首先是用户有权通过他们的谷歌帐户撤销您的访问权限.在我看来,这可能就是正在发生的事情.
第二个问题是它的 10 月和 Google 夏令时即将开始.几年前,存在夏令时过期令牌的问题.
第三个问题是,如果您的刷新令牌在过去六个月内没有使用过,它将被谷歌过期.
事实上,由于上述原因,刷新令牌并不完美.您的系统应设计为在刷新令牌失败时处理此问题,然后只需将其设置为再次请求用户访问即可.
<块引用>{ "error": "invalid_grant", "error_description": "Token has been expired or revoked.";}
- We have Google OAuth2 Web client at Google API Console
- With the help of Oauth Web Client, we get Refresh token for each Users ( By using web Authentication & Concert Screen )
- We store received Refresh Token to database and, System user this user specific Refresh token to create Google Calendar Event automatically on behalf of logged in user ( We have around 1000 Users)
Problem : Since couple of days Refresh Token has been expired automatically and getting following error.
{ "error": "invalid_grant", "error_description": "Token has been expired or revoked." }
When user do re-registration System receive new Refresh token and everything again start working, however after some time ( no sure but in less then day or two ) again they start getting Token has been expired or revoked error.
Is there any Limit has been expose on Refresh Token ? Is there any Limit to get Refresh Token by using Same API Client? ( We have individual 1000 Gsuit or Gmail user who have registered for Refresh Token individually using by using their person Gmail or Gsuit Account) Is there any API change to get long live Refresh token ?
Regards, DP
Your Questions
Is there any Limit has been expose on Refresh Token ?
You can authorize a user and get a refresh token, then authorize the same user again and get a second refresh token. The user now has two outstanding refresh tokens and both work. You can do this up to fifty times and have fifty outstanding refresh tokens for this user. Once you do it again the first one will expire.
You can have fifty out standing refresh tokens for a user so if you are re authorizing them make sure that you are replacing the one stored in your database with the newest refresh token.
Is there any Limit to get Refresh Token by using Same API Client? ( We have individual 1000 Gsuit or Gmail user who have registered for Refresh Token individually using by using their person Gmail or Gsuit Account)
Your client can authorize as many users as you like. There is no limit to the number of users you system can have.
Is there any API change to get long live Refresh token ?
Not that i am aware of
The error message
There are a couple of things that could be happening here.
The first being that the user has the power to revoike your access though the their google account. It looks to me like this may be what is happening.
The second issue is the fact that its October and Google daylight savings time is kicking in. Several years ago there was an issue with daylight savings time expiring tokens.
Third issue is that if your refresh token has not been used in the last six months it will be expired by google.
The fact of the matter is that refresh tokens are not perfect due to the above reasons. Your system should be designed to handle this if the refresh token fails then simply set it up to ask the user for access again.
{ "error": "invalid_grant", "error_description": "Token has been expired or revoked." }
这篇关于由于几天刷新令牌已自动过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
