如何在使用 Google API JS 客户端时获取刷新令牌 [英] How to get refresh token while using Google API JS Client
问题描述
我一直在尝试实施一个需要用户授予 Google Analytics 访问权限的应用.我一直在关注本教程:
I have been trying to implement an app that would need user to grant access to Google Analytics. I have been following this tutorial:
https://developers.google.com/analytics/solutions/文章/hello-analytics-api
在其他一些地方有使用相同功能的 AngularJs 代码L
And at some other places there is code for AngularJs which uses the same functionL
https://gist.github.com/jakemmarsh/5809963
我的问题是,身份验证工作得很好,但它没有返回 refresh_token.它从不返回 refresh_token.我已经尝试了网络上所有可能的方法.1.第一次,2. 使用 prompt=force 等.但似乎没有任何东西返回 refresh_token.我猜那部分被客户或其他东西跳过了.
My problem is, that the auth works pretty well, but it does not return a refresh_token. It never returns a refresh_token. I have tried all the possible available on the web. 1. The first time, 2. Using prompt=force etc etc.. But nothing seems to return the refresh_token. I guess that part is skipped by the client or something.
我需要知道如何在用户第一次授予访问权限时获取 refresh_token 以便我可以保存它.
I need to know how can I get the refresh_token when the user grants access for the first time so that I can save it.
推荐答案
它没有按照设计返回刷新令牌.您提到的教程和代码正在使用 适用于 JavaScript 的 Google API 客户端库.此库使用 OAuth 2.0 客户端流程来发出需要授权的请求.
It does not return a refresh token as designed. The tutorial and the code you mentioned are using Google APIs Client Library for JavaScript. This library uses the OAuth 2.0 client-side flow for making requests that require authorization.
正如 OAuth 2.0 授权框架所说:
隐式授权类型用于获取访问令牌(它不支持发布刷新令牌),并针对已知操作特定重定向 URI 的公共客户端进行了优化.这些客户端通常使用 JavaScript 等脚本语言在浏览器中实现.
The implicit grant type is used to obtain access tokens (it does not support the issuance of refresh tokens) and is optimized for public clients known to operate a particular redirection URI. These clients are typically implemented in a browser using a scripting language such as JavaScript.
实际上,授权码流是唯一一个发出刷新令牌的流,谷歌在这些场景中支持这种流:Web 服务器应用程序、已安装的应用程序和有限输入设备上的应用程序,但不支持客户端(JavaScript) 应用程序或服务帐户.从此处获取更多详细信息.
In fact, The authorization code flow is the only one which issue refresh token, and Google supports this flow in these Scenarios: Web server applications, Installed applications, and Applications on limited-input devices, but not Client-side (JavaScript) applications or Service accounts. Get more details from here.
所以你不会以这种方式获得刷新令牌.
So you'll not get refresh token in this way.
这篇关于如何在使用 Google API JS 客户端时获取刷新令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
