Google API 刷新令牌限制 [英] Google API refresh token limit
问题描述
我正在开发一个应用程序,我需要在其中访问多个谷歌日历.所有这些日历都来自不同的用户.现在我正在使用 OAuth2 进行同步.但据我所知,我只能为每个客户端 ID 生成 25 个刷新令牌.
I'm developing an application wherein I need to access multiple google calendars. All these calendars come from different users. And right now I am using OAuth2 for the syncing. But as I understand it, I can only generate 25 refresh tokens per client ID.
Note: Save refresh tokens in secure long-term storage and continue to use
them as long as they remain valid. Limits apply to the number of refresh
tokens that are issued per client-user combination, and per user across all clients,
and these limits are different. If your application requests enough refresh tokens
to go over one of the limits, older refresh tokens stop working.
按照建议,我将刷新令牌保留在我的数据库中.但我的问题是,如果我有更多想要同步日历的客户怎么办?有什么办法可以忽略限制吗?当然没有.我现在想到的只是创建更多的客户端 ID.有什么建议吗?
As advised, I am keeping the refresh tokens in my DB. But my problem is, what if I get more clients who would want to sync their calendar? Is there any way to overlook the limit? Of course there isn't. What I have in mind right now is just to create more client IDs. Any advise?
推荐答案
每个用户(客户-用户)50 个,就像在您的客户的用户中一样.不是client_id.对于对您的应用程序进行身份验证的每个人,您最多可以让他们对其进行 50 次身份验证.您收到的每个刷新令牌都将起作用.50 日之后,第一个将停止工作.我认为它们也可以工作长达 6 个月,如果它没有被使用 6 个月就会失效.
Its 50 per user (client-user) as in User of your Client. Not client_id. For each person that authenticates your application you can have them authenticate it up to 50 times. Each Refresh token you receive will work. After the 50th the first one will stop working. They will also work for up to 6 months I think, if it hasn't been used for 6 months it will be invalidated.
您可以让尽可能多的人使用您的客户端 (client_id) 来验证您的身份.你不会有任何问题.
You can have as many people use your Client (client_id) as are willing to authenticate you. You wont have any problems.
从 Google Oauth2 文档中找到此处
From Google Oauth2 Documentation found here
令牌过期
您必须编写代码以预测授予的令牌可能不再有效的可能性.由于以下原因之一,令牌可能会停止工作:
You must write your code to anticipate the possibility that a granted token might no longer work. A token might stop working for one of these reasons:
• 用户已撤销访问权限.
• The user has revoked access.
• 令牌已六个月未使用.
• The token has not been used for six months.
• 用户更改了密码并且令牌包含 Gmail 范围.
• The user changed passwords and the token contains Gmail scopes.
• 用户帐户已超过一定数量的令牌请求.
• The user account has exceeded a certain number of token requests.
目前每个客户每个用户帐户的刷新令牌限制为 50 个.如果达到限制,创建新令牌会自动使最旧的令牌无效,而不会发出警告.此限制不适用于服务帐号.
There is currently a limit of 50 refresh tokens per user account per client. If the limit is reached, creating a new token automatically invalidates the oldest token without warning. This limit does not apply to service accounts.
用户帐户或服务帐户在所有客户端上可以拥有的令牌总数也有更大的限制.大多数普通用户不会超过此限制,但开发者的测试帐户可能会.
There is also a larger limit on the total number of tokens a user account or service account can have across all clients. Most normal users won't exceed this limit but a developer's test account might.
如果您需要授权多个程序、机器或设备,一种解决方法是将您授权每个用户帐户的客户端数量限制为 15 或 20.如果您是 Google Apps 管理员,则可以创建其他管理员用户并使用它们来授权一些客户.
If you need to authorize multiple programs, machines, or devices, one workaround is to limit the number of clients that you authorize per user account to 15 or 20. If you are a Google Apps admin, you can create additional admin users and use them to authorize some of the clients.
问题:你在哪里找到的?我想向谷歌报告它有点令人困惑
Question: Where did you find this? I would like to report it to Google its a bit confusing
注意:将刷新令牌保存在安全的长期存储中并继续只要它们仍然有效,就可以使用它们.限制适用于每个客户端-用户组合颁发的刷新令牌,以及所有客户端的每个用户,这些限制是不同的.如果你的应用程序请求足够的刷新令牌来检查其中一个限制,旧的刷新令牌停止工作.
Note: Save refresh tokens in secure long-term storage and continue to use them as long as they remain valid. Limits apply to the number of refresh tokens that are issued per client-user combination, and per user across all clients, and these limits are different. If your application requests enough refresh tokens to go over one of the limits, older refresh tokens stop working.
这篇关于Google API 刷新令牌限制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
