使用 OAuth.io 从 Google 获取刷新令牌 [英] Getting refresh tokens from Google with OAuth.io

问题描述

我正在尝试从 OAuth.io 获取任何基于 Google 的提供商的访问令牌，但是每当我进行身份验证时，我都会得到一个 access_token 但没有 refresh_token.我为 access_type 选择了离线，但仍然不高兴.

I am trying to get access tokens from OAuth.io for any Google based provider however whenever I authenticate I get an access_token but no refresh_token. I have chosen offline for the access_type but still no joy.

我曾尝试查看文档以寻找解决方案，但它几乎没有涵盖与刷新令牌相关的任何内容.

I have tried looking through the documentation for a solution but it barely covers anything related to the refresh token.

推荐答案

要从 Google 获取刷新令牌，您需要做两件事:

To get the refresh token from Google, you need 2 things:

• 离线选项参见 https://developers.google.com/accounts/docs/OAuth2WebServer

可用于获取新访问令牌的令牌.刷新令牌在用户撤销访问之前一直有效.仅当授权代码请求中包含 access_type=offline 时才会出现此字段."

"A token that may be used to obtain a new access token. Refresh tokens are valid until the user revokes access. This field is only present if access_type=offline is included in the authorization code request."

approval_prompt 选项设置为强制"参见 https://developers.google.com/accounts/docs/OAuth2WebServer

"重要提示:当您的应用程序收到刷新令牌时，请务必存储该刷新令牌以备将来使用.如果您的应用程序丢失了刷新令牌，则必须在获取另一个刷新令牌之前重新提示用户同意.如果需要重新提示用户同意，请在授权码请求中包含approval_prompt参数，并将该值设置为force."

"Important: When your application receives a refresh token, it is important to store that refresh token for future use. If your application loses the refresh token, it will have to re-prompt the user for consent before obtaining another refresh token. If you need to re-prompt the user for consent, include the approval_prompt parameter in the authorization code request, and set the value to force."

所以你的脚本应该看起来像

so your script should look something like

OAuth.popup('google', {
   authorize: {
      approval_prompt: 'force'
   }
}).then(function(google) {
   console.log(google.refresh_token)
   //send the refresh token to your server
})

如果您在客户端(Javascript/iOS/Android/Phonegap)工作，您可能还需要激活以下选项:Send refresh token to front-end 在 OAuth.io 仪表板中> 常规 > 允许您的客户端 SDK 检索刷新令牌的高级选项

If you are working client-side (Javascript / iOS / Android / Phonegap), you may also need to activate the following option: Send refresh token to front-end in the OAuth.io dashboard > General > advanced option to allow your client side SDK to retrieve the refresh token

https://jsfiddle.net/Lqyc5jpw/

这篇关于使用 OAuth.io 从 Google 获取刷新令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！