Google OAuth access token expiration in MVC app?


Problem description


I wrote an MVC app using Google OAuth2 as instructed here: https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth#web_applications

I have an issue with access token expiration. When the access token expires, I get this exception when calling the Google API: "The access token has expired but we can't refresh it"

The initial authentication is a two-iteration mechanism:

First iteration - AuthorizeAsync returns a result with an empty Credential and a populated RedirectUri:

So, the authorization url created is this:

https://accounts.google.com/o/oauth2/auth?access_type=offline&response_type=code&client_id=MYCLIENTID&redirect_uri=http:%2F%2Flocalhost%2FHomepage%2FAuthCallback%2FIndexAsync&scope=https:%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar https:%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.readonly&state=http:%2F%2Flocalhost%2FHomepage%2F95419199

Note that access_type=offline is present. So I should get the refresh token back as well (doesn't happen).

Second iteration - AuthorizeAsync returns a result with a populated Credential and an empty RedirectUri:

Question 1 - is RefreshToken supposed to be null at this moment?

The result is remembered, since it's defined as static.

The next request that comes in - the Calendar action that requires result.Credential to call the Google Calendar API:

Question 2 - if the access token expires by that moment (for testing I just set ExpiresInSeconds = 0), I call the RefreshTokenAsync method, but it always returns false! Why? What am I missing here?

And what would be the right way to handle it when RefreshTokenAsync returns false? The current RedirectResult(result.RedirectUri) command will fail since result.RedirectUri is null.

Solution

Oh, I finally got it :) For those who are interested - the refresh token is only issued once, when you get that consent screen, where you have to click Yes.

So, in order to get the refresh token, go to your account settings, Account Permissions: https://security.google.com/settings/security/permissions

and revoke access for the project you configured in Google Developers Console: https://console.developers.google.com/project

Now, put a breakpoint on the next line after you call AuthorizeAsync, restart your application in Debug mode, get that consent screen asking for permissions, click Accept.

The app will return to VS and will stop on your breakpoint.

Now, record somewhere the result.Credential.Token.RefreshToken value; it's an encrypted string.

I placed mine in a web.config appSetting for simplicity.

Now, I just assign that value back: result.Credential.Token.RefreshToken = refreshToken;

and every time the access token expires, it will be refreshed automatically.

Like here when I call GmailService request.Execute(...) passing the credential object that contains the token, the token will be refreshed.
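
An added example, not code from the original post or from Google's library: because the refresh token is returned only with the first consent, a token store can keep the one it already holds when a later token response arrives without one, so the value is persisted per user instead of being copied by hand. `RefreshTokenPreservingDataStore`, `FlowFactory` and `tokenFolder` are hypothetical names; `IDataStore`, `FileDataStore`, `TokenResponse` and `GoogleAuthorizationCodeFlow` are the Google.Apis types, and the scopes are the two from the authorization URL in the question.

```csharp
using System.Threading.Tasks;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Flows;
using Google.Apis.Auth.OAuth2.Responses;
using Google.Apis.Util.Store;

// Hypothetical wrapper (not part of Google.Apis): keeps the refresh token issued
// at first consent when a later token response is stored without one.
public sealed class RefreshTokenPreservingDataStore : IDataStore
{
    private readonly IDataStore _inner;

    public RefreshTokenPreservingDataStore(IDataStore inner) => _inner = inner;

    public async Task StoreAsync<T>(string key, T value)
    {
        // Only token entries need merging; everything else passes straight through.
        if (value is TokenResponse incoming && string.IsNullOrEmpty(incoming.RefreshToken))
        {
            var existing = await _inner.GetAsync<TokenResponse>(key).ConfigureAwait(false);
            if (!string.IsNullOrEmpty(existing?.RefreshToken))
            {
                // Carry the previously issued refresh token forward.
                incoming.RefreshToken = existing.RefreshToken;
            }
        }
        await _inner.StoreAsync(key, value).ConfigureAwait(false);
    }

    public Task DeleteAsync<T>(string key) => _inner.DeleteAsync<T>(key);
    public Task<T> GetAsync<T>(string key) => _inner.GetAsync<T>(key);
    public Task ClearAsync() => _inner.ClearAsync();
}

public static class FlowFactory
{
    // tokenFolder is an assumed location for the per-user token files.
    public static GoogleAuthorizationCodeFlow Create(ClientSecrets secrets, string tokenFolder) =>
        new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
        {
            ClientSecrets = secrets,
            Scopes = new[]
            {
                "https://www.googleapis.com/auth/calendar",
                "https://www.googleapis.com/auth/gmail.readonly"
            },
            DataStore = new RefreshTokenPreservingDataStore(new FileDataStore(tokenFolder))
        });
}
```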
