Firebase Google Auth离线访问类型,以获得令牌刷新 [英] Firebase Google Auth offline access_type in order to get a token refresh
问题描述
是否可以通过Firebase获得离线access_type Google oauth标记,以便Google返回refresh_token( https://developers.google.com/accounts/docs/OAuth2WebServer#formingtheurl )?有了refresh_token,我想我可以为api调用抓取一个新的access_token。
我正在尝试这个,但是它绝对不支持:
<$ p $ this.firebase.authWithOAuthPopup(google,this.authenticateGoogle.bind(this),{
access_type:'offline',< - 不传递给Google
范围:https://www.googleapis.com/auth/userinfo.profile,https://www.googleapis.com /auth/devstorage.read_write'
});
所有致电 https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=abcd 将access_type显示为在线。
谢谢
现在解决了。根据Firebase的 Rob DiMarco :不幸的是,目前无法通过Firebase获取Google OAuth刷新令牌,虽然这是我们意识到并希望解决的问题。
We are using firebase with google authentication. We chose Google because our application makes Google API calls. We authorize these api calls with the access_token included in authorization payload that is returned from firebase. However, we are having trouble figuring out how to refresh the access_token after it expires. According to Google, we should assume the access_token may expire for various reasons.
Therefore, (as I understand it) we need a way to refresh this token without forcing the user to reauthorize. Ideally, I could request the offline access_type when requesting the firebase auth...but I dont see how to do that (short of triggering firebase.authWithOAuthPopup(...) again, which we absolutely do not want to do as the users session is obviously still valid.
Is it possible to get an offline access_type Google oauth token through Firebase so that Google will return a refresh_token (https://developers.google.com/accounts/docs/OAuth2WebServer#formingtheurl)? With a refresh_token, I think I can grab a new access_token for api calls.
I was trying this but its definitely not supported:
this.firebase.authWithOAuthPopup("google", this.authenticateGoogle.bind(this), {
access_type: 'offline', <-- not passed to Google
scope: 'https://www.googleapis.com/auth/userinfo.profile, https://www.googleapis.com/auth/devstorage.read_write'
});
All calls to https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=abcd show the access_type as online.
Thanks
SOLVED for now. According to Rob DiMarco from Firebase: "Unfortunately, it is not currently possible to get a Google OAuth refresh token via Firebase, though it's something we're aware of and hope to fix."
这篇关于Firebase Google Auth离线访问类型,以获得令牌刷新的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!