OAuth2 and Google API: access token expiration time?

Problem description

We have a standalone Java application (see "Installed application") which runs periodically and uses Google API (updates some information from customer databases/ldap/...).

To access Google APIs we store username and password in a configuration file, which is a security risk and the customer does not like that. So we would like to use an OAuth2 long-living access token instead.

What is the default expiration time for Google OAuth2 access tokens?

As we will have only access token in application, app itself cannot refresh it when access token expires.

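I personally think that implementing OAuth2 in this case will not bring any major benefit, but let's focus on the main question: the default expiration time.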

Recommended answer

You shouldn't design your application based on specific lifetimes of access tokens. Just assume they are (very) short lived.

However, after a successful completion of the OAuth2 installed application flow, you will get back a refresh token. This refresh token never expires, and you can use it to exchange it for an access token as needed. Save the refresh tokens, and use them to get access tokens on-demand (which should then immediately be used to get access to user data).

My comments above notwithstanding, there are two easy ways to get the access token expiration time:

  1. It is a parameter in the response (expires_in) when you exchange your refresh token (using /o/oauth2/token endpoint). More details.
  2. There is also an API that returns the remaining lifetime of the access_token:

https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={accessToken}

This will return a json array that will contain an expires_in parameter, which is the number of seconds left in the lifetime of the token.
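
The pattern the answer describes (keep the refresh token, mint access tokens on demand, and take the lifetime from expires_in rather than assuming one), as an added example that is not part of the original answer. The `TOKEN_URL` host, the `AccessTokenCache` class, the 60-second `skew` and all token values are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

# Assumed host for the /o/oauth2/token path named in the answer.
TOKEN_URL = "https://accounts.google.com/o/oauth2/token"

def http_post_form(form):
    """Default transport: POST a form to the token endpoint, return parsed JSON."""
    req = urllib.request.Request(TOKEN_URL, data=urllib.parse.urlencode(form).encode())
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class AccessTokenCache:
    """Holds the long-lived refresh token; mints short-lived access tokens on demand."""

    def __init__(self, client_id, client_secret, refresh_token,
                 post=http_post_form, clock=time.monotonic, skew=60):
        self._form = {"grant_type": "refresh_token", "client_id": client_id,
                      "client_secret": client_secret, "refresh_token": refresh_token}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._deadline = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._deadline:
            resp = self._post(self._form)
            if "access_token" not in resp:
                # Report only the error code; never log token material.
                raise RuntimeError("token refresh failed: %s" % resp.get("error", "unknown"))
            self._token = resp["access_token"]
            # Use the server's expires_in, not a hard-coded lifetime; refresh `skew` seconds early.
            self._deadline = now + max(0, int(resp.get("expires_in", 0)) - self._skew)
        return self._token

def demo():
    """Constructed run against a fake endpoint and a fake clock (no network)."""
    now, calls = [0.0], []
    def fake_post(form):
        calls.append(dict(form))
        return {"access_token": "constructed-token-%d" % len(calls), "expires_in": 3600}
    cache = AccessTokenCache("constructed-id", "constructed-secret", "constructed-refresh",
                             post=fake_post, clock=lambda: now[0])
    first = cache.get()
    now[0] = 3000          # still inside the lifetime: cached token is reused
    second = cache.get()
    now[0] = 3545          # past expires_in minus skew: a new token is fetched
    third = cache.get()
    return first, second, third, len(calls)
```

The refresh token and client secret are now the long-lived credentials, so the file holding them needs the same access restrictions the stored password would have had.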
