如何使用refresh_token获取新的access_token（使用Flask-OAuthLib）？ [英] How to use a refresh_token to get a new access_token (using Flask-OAuthLib)?

问题描述

我正在用 FLask框架构建一个网站+后端，我在其中使用 Flask-OAuthlib 来验证谷歌。认证后，后端需要定期扫描用户他的Gmail。所以当前用户可以验证我的应用程序，并存储 access_token 和 refresh_token 。 access_token 在一小时后过期，所以在这一小时内，我可以像这样获得用户信息：

  google = oauthManager.remote_app（
'google'，
 consumer_key ='xxxxxxxxx.apps.googleusercontent.com'，
 consumer_secret ='xxxxxxxxx'，
 request_token_params = {
'scope'：['https://www.googleapis.com/auth/userinfo.email'，'https://www.googleapis.com/auth/gmail.readonly']， 
'access_type'：'offline'
}，
 base_url ='https：//www.googleapis.com/oauth2/v1/'，
 request_token_url =无，
 access_token_method ='POST'，
 access_token_url ='https：//accounts.google.com/o/oauth2/token'，
 authorize_url ='https：//accounts.google.com/o / oauth2 / auth'
）
 
 token =（the_stored_access_token，''）
 userinfoObj = google.get（'userinfo'，token = token）.data 
 userinf oObj ['id']＃打印出我的谷歌id 
  

一旦小时结束，我需要使用refresh_token（我已经存储在我的数据库中）来请求一个新的 access_token 。我尝试用 the_stored_refresh_token 替换 the_stored_access_token ，但这只是给我一个无效的凭证 -error。

在这个github问题我读了以下内容：

无论您如何获得访问令牌/刷新令牌授权代码授权或资源所有者密码凭证），则以相同的方式交换它们，方法是将refresh标记作为refresh_token传递，grant_type设置为'refresh_token'。

从这我明白，我不得不创建一个像这样的远程应用程序：
$ b $ pre $ google = oauthManager.remote_app
'google'，
＃也是consumer_key，secret，request_token_params等。
grant_type ='refresh_token'，
refresh_token = u'1 / xK_ZIeFn9quwvk4t5VRtE2oYe5yxkRDbP9BQ99NcJ T0'
）


但是这会导致 TypeError：__init__ （）得到了一个意外的关键字参数refresh_token。所以从这里我有点失落。

有谁知道如何使用 refresh_token 来获得一个新的的access_token ？所有提示都是可以的！

b $ b

  from urllib2 import Request，urlopen，URLError $ b $ from webapp2_extras import json 
 import mimetools 
 BOUNDARY = mimetools.choose_boundary（）
 def refresh_token（）
 url = google_config ['access_token_url'] 
 headers = [
（grant_type，refresh_token），
（client_id ），
（client_secret，< client_secret>），
（refresh_token，< refresh_token>），
] 
 
 files = ] 
 edata = EncodeMultiPart（header，files，file_type ='text / plain'）
 headers = {} 
 request = Request（url，headers = headers）
 request.add_data （edata）
 
 request.add_header（'Content-Length'，str（len（edata）））
 request.add_header（'Content-Type'，'multipart / form-data; boundar y =％s'％BOUNDARY）
 try：
 response = urlopen（request）.read（）
 response = json.decode（response）
除URLError外，e：
 ... 
  

EncodeMultipart函数取自这里：
https://developers.google.com/cloud-print/docs/pythonCode

务必使用相同的BOUNDARY

I'm building a website + backend with the FLask Framework in which I use Flask-OAuthlib to authenticate with google. After authentication, the backend needs to regularly scan the user his Gmail. So currently users can authenticate my app and I store the access_token and the refresh_token. The access_token expires after one hour, so within that one hour I can get the userinfo like so:

google = oauthManager.remote_app(
        'google',
        consumer_key='xxxxxxxxx.apps.googleusercontent.com',
        consumer_secret='xxxxxxxxx',
        request_token_params={
            'scope': ['https://www.googleapis.com/auth/userinfo.email', 'https://www.googleapis.com/auth/gmail.readonly'],
            'access_type': 'offline'
        },
        base_url='https://www.googleapis.com/oauth2/v1/',
        request_token_url=None,
        access_token_method='POST',
        access_token_url='https://accounts.google.com/o/oauth2/token',
        authorize_url='https://accounts.google.com/o/oauth2/auth'
    )

token = (the_stored_access_token, '')
userinfoObj = google.get('userinfo', token=token).data
userinfoObj['id']  # Prints out my google id

Once the hour is over, I need to use the refresh_token (which I've got stored in my database) to request a new access_token. I tried replacing the_stored_access_token with the_stored_refresh_token, but this simply gives me an Invalid Credentials-error.

In this github issue I read the following:

regardless of how you obtained the access token / refresh token (whether through an authorization code grant or resource owner password credentials), you exchange them the same way, by passing the refresh token as refresh_token and grant_type set to 'refresh_token'.

From this I understood I had to create a remote app like so:

google = oauthManager.remote_app(
        'google',
        #  also the consumer_key, secret, request_token_params, etc..
        grant_type='refresh_token',
        refresh_token=u'1/xK_ZIeFn9quwvk4t5VRtE2oYe5yxkRDbP9BQ99NcJT0'
    )

But this leads to a TypeError: __init__() got an unexpected keyword argument 'refresh_token'. So from here I'm kinda lost.

Does anybody know how I can use the refresh_token to get a new access_token? All tips are welcome!

解决方案

This is how I get a new access_token for google:

from urllib2 import Request, urlopen, URLError
from webapp2_extras import json
import mimetools
BOUNDARY = mimetools.choose_boundary()
def refresh_token()
    url = google_config['access_token_url']
    headers = [
             ("grant_type", "refresh_token"),
             ("client_id", <client_id>),
             ("client_secret", <client_secret>),
             ("refresh_token", <refresh_token>),
             ]

    files = []
    edata = EncodeMultiPart(headers, files, file_type='text/plain')
    headers = {}
    request = Request(url, headers=headers)
    request.add_data(edata)

    request.add_header('Content-Length', str(len(edata)))
    request.add_header('Content-Type', 'multipart/form-data;boundary=%s' % BOUNDARY)
    try:
        response = urlopen(request).read()
        response = json.decode(response)
    except URLError, e:
        ...

EncodeMultipart function is taken from here: https://developers.google.com/cloud-print/docs/pythonCode

Be sure to use the same BOUNDARY

这篇关于如何使用refresh_token获取新的access_token（使用Flask-OAuthLib）？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！