在没有用户同意的情况下在 Android 中处理过期的访问令牌 [英] Handling expired access token in Android without user concent

问题描述

我正在尝试在测试 Android 应用程序中使用新的 Gmail API.在与授权进度进行多次斗争之后，我特别发现，GoogleAuthUtil.getToken() 方法没有返回足够的访问令牌，可用于访问 Gmail API 功能(尝试执行任何操作时将返回 403 错误API).也就是说，我确实设法接收到足够令牌的唯一方法是使用 WebView 和(已安装的应用程序 - > API 控制台上的其他客户端 ID)执行身份验证过程.因此，从某种意义上说，这是一个双赢的局面，因为我终于可以使用 API，但仍然存在的问题是，当用于 API 调用的访问令牌过期或遭到破坏时会发生什么?有没有办法在不弹出同意屏幕的情况下接收新令牌?在所有用户已经批准申请之后.

I am trying to use the new Gmail API in a test Android Application. After much battling with the authorization progress I have discovered that specifically, The GoogleAuthUtil.getToken() method does not return a sufficient access token that can be used to access the Gmail API features (will return a 403 error when trying to do any action with the API). That said, the only way I did manage to receive a sufficient token is by doing the authentication process using a WebView and a (Installed application -> Other client ID on the API Console). So in one way it's a win win situation cause I can finally use the API, but the question that remains is what happens when the access token used for the API calls will expire or be compromised? Is there a way to receive a new token without popping out a consent screen? After all the User have already approved the application.

非常感谢.

以下是使用刷新令牌获取新令牌的方法:感谢@Noam

here's how you get a new token using a refresh token: Thanks to @Noam

        httpClient = new DefaultHttpClient();
        httpPost = new HttpPost(address);
        params.add(new BasicNameValuePair("refresh_token", token));
        params.add(new BasicNameValuePair("client_id", client_id));
        params.add(new BasicNameValuePair("client_secret", client_secret));
        params.add(new BasicNameValuePair("grant_type", "refresh_token"));
        httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded");
        httpPost.setEntity(new UrlEncodedFormEntity(params));
        HttpResponse httpResponse = httpClient.execute(httpPost);
        HttpEntity httpEntity = httpResponse.getEntity();
        is = httpEntity.getContent();

推荐答案

你可以使用 GoogleAuthUtil.getToken() 你只需要添加范围 "https://www.googleapis.com/auth/gmail.readonly" 使用 builder.addScope().

you can use GoogleAuthUtil.getToken() you just need to add the scope "https://www.googleapis.com/auth/gmail.readonly" with builder.addScope().

这篇关于在没有用户同意的情况下在 Android 中处理过期的访问令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！