首次登录和授权后，Google+ OAuth API 存储和检索令牌 [英] Google+ OAuth API store and retrieve tokens after first login and authorization

查看：29 发布时间：2021/12/29 15:08:51 oauth-2.0 google-plus

本文介绍了首次登录和授权后，Google+ OAuth API 存储和检索令牌的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我已阅读有关如何使用 Google API 的文档、示例和教程，我已经运行了一个显示您的最新活动和信息的小应用程序，但我使用会话来存储令牌.

我的问题是，如何从数据库中存储和检索令牌，以便当用户(已注册)单击登录"时，它可以立即使用该 API，而无需重复授权?请注意，我使用该示例作为我的迷你应用程序的起点.

这是一个代码片段:

$client = new apiClient();$client->setApplicationName(APP_NAME);$client->setClientId(CLIENT_ID);$client->setClientSecret(CLIENT_SECRET);$client->setRedirectUri(REDIRECT_URL);$client->setDeveloperKey(DEV_KEY);$plus = new apiPlusService($client);$google_userinfo = new apiOauth2Service($client);$message = "";//在真正的应用程序中，这将存储在数据库中，而不是在会话中！如果 (isset($_SESSION['token']))$client->setAccessToken($_SESSION['token']);$_SESSION['token'] = $client->getAccessToken();如果(isset($_GET['代码'])){$client->authenticate();//在真正的应用程序中，这将存储在数据库中，而不是在会话中！$_SESSION['token'] = $client->getAccessToken();header('位置:http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);}...//在这里的某个地方，我添加了一个将 $_SESSION['token'] 与用户信息联系起来的函数....<form action="" method="post" id="form1" name="form1"><字段集><div id="main-url-section" style="width: 50%;margin: 0px auto;text-align: center;"><?php$authUrl = $client->createAuthUrl();打印 "<p><a class='login' href='$authUrl'>登录我！</a></p>";?>

</fieldset></表单>

非常感谢您的帮助！

问候，

约翰

解决方案

如果您希望 Google 跳过对已经授权您的应用程序的人的授权提示，请在顶部的配置块中添加以下代码:

$client->setAccessType("online");$客户端->setApprovalPrompt("自动");

此解决方案有一个问题:当您完成 OAuth 舞蹈时，您不会收到刷新令牌.这意味着您的用户每次访问令牌过期时都会被重定向到 Google 的身份验证服务，以便获取新的令牌.这种情况大约每小时都会发生一次.

背景信息

默认情况下，PHP 客户端库配置为提供离线访问.您可以在源代码.启用此模式后，OAuth 流将产生一个刷新令牌，可用于请求新的访问令牌如所须.您甚至可能没有注意到这种情况的发生.PHP 客户端库会为您处理大部分工作.

不过，这个刷新令牌是有代价的.您有责任存储它.如果您丢失了它，您的用户必须重新授权您的应用程序，以便向您发出另一个应用程序.您存储它的方式在很大程度上取决于您的实现细节.如果您能让会话数据足够持久，那么它是一种合理的方法.

I have read the documentation, examples and tutorials of how to use the Google API, I have a mini-app running already that shows your latest activities and information, but I use sessions to store the token.

My question is, how can I store and retrieve the token from the database so that when a user (who has already registered) clicks "login", it can use the API right away without repeated authorization? Note that I used the example as a starting point for my mini-app.

Here's a code snippet:

$client = new apiClient();
$client->setApplicationName(APP_NAME);
$client->setClientId(CLIENT_ID);
$client->setClientSecret(CLIENT_SECRET);
$client->setRedirectUri(REDIRECT_URL);
$client->setDeveloperKey(DEV_KEY);

$plus = new apiPlusService($client);
$google_userinfo = new apiOauth2Service($client);

$message = "";

// In a real application this would be stored in a database, and not in the session!
if (isset($_SESSION['token']))
  $client->setAccessToken($_SESSION['token']);

$_SESSION['token'] = $client->getAccessToken();

if (isset($_GET['code'])) {
   $client->authenticate();
  // In a real application this would be stored in a database, and not in the session!
  $_SESSION['token'] = $client->getAccessToken();
  header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
}
...
 //Somewhere here, I added a function that ties $_SESSION['token'] to the user's info.
...
<form action="" method="post" id="form1" name="form1">
   <fieldset>
      <div id="main-url-section" style="width: 50%;margin: 0px auto;text-align: center;">
         <?php
            $authUrl = $client->createAuthUrl();
            print "<p><a class='login' href='$authUrl'>Log me in!</a></p>";
         ?>                                 
      </div>
    </fieldset>
</form>

Thank you so much for the help!

Regards,

John

解决方案

If you'd like Google to skip the authorization prompt for people who have already authorized your application, add this code in your configuration block at the top:

$client->setAccessType("online");
$client-> setApprovalPrompt("auto");

There's one catch with this solution: you will not receive a refresh token when you complete your OAuth dance. This means that your users will be redirected to Google's authentication service every time their access token expires in order to fetch a new one. This will happen roughly every hour.

Background Info

By default the PHP client library is configured to provide offline access. You can see this in the source code. When this mode is enabled the OAuth flow will yield a refresh token that can be used to request new access tokens as needed. You may not even notice this happening. The PHP client library takes care of most of this for you.

This refresh token comes at a cost, though. You are responsible for storing it. If you lose it, your user must re-authorize your application for you to be issued another one. The way you store it depends a lot on the details of your implementation. Session data is a reasonable way to do this if you can make it durable enough.

这篇关于首次登录和授权后，Google+ OAuth API 存储和检索令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

首次登录和授权后，Google+ OAuth API 存储和检索令牌 [英] Google+ OAuth API store and retrieve tokens after first login and authorization

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

首次登录和授权后，Google+ OAuth API 存储和检索令牌 [英] Google+ OAuth API store and retrieve tokens after first login and authorization

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭