如何获取离线令牌和刷新令牌以及自动刷新对Google API的访问权限 [英] How to get offline token and refresh token and auto-refresh access to Google API
问题描述
我正在开发一个应用程序,使用OAuth2和谷歌客户端库访问Google API(从Calendar API开始)(位于Appengine和GWT BTW)。
我已经实现了我的 OAuth2Call 后端servlet,扩展了Google AbstractAppEngineAuthorizationCodeCallbackServlet 。
我有它的工作,我得到访问,并可以看看日历等,但有两个问题:
$ b $ 1)我没有得到一个刷新令牌,尽管明确要求脱机访问:
public static GoogleAuthorizationCodeFlow newFlow(String scope)throws IOException {
GoogleAuthorizationCodeFlow.Builder builder = new GoogleAuthorizationCodeFlow.Builder(
HTTP_TRANSPORT,
JSON_FACTORY,
getClientSecrets(),
Collections.singleton(scope));
builder.setCredentialStore(new AppEngineCredentialStore()).setAccessType(offline);
return builder.build();
}
2)我看不到如何设置自动刷新功能。
这些页面描述了这些方法:
但我看不到添加刷新监听器。在 GoogleAuthorizationCodeFlow.Builder 类中没有这样的方法,与 Credential.Builder class
$ b
编辑
更多地调试代码后,当凭证返回时(在 onSuccess()方法中),它似乎有一个 RefreshListener 已经设置.....所以也许这是他们默认的,我唯一的问题是我没有得到 refresh_token ,尽管要求它。
也许还需要查看Google API控制台中的设置吗?解决方案
有一点你应该小心:只有当用户明确表示同意请求的作用域时,才会返回刷新令牌(除了访问令牌)。基本上,显示批准页面时。所有后续流程将仅返回访问令牌。
现在,为了测试您的应用程序并确保您第一次收到刷新令牌,您可以使用approval_prompt =强制参数( builder.setApprovalPrompt(force))确保审批页面显示在流程中,并且获得用户的明确同意。解决任何问题并确保刷新标记存储正确后,可以删除该标记(默认值为 auto )
有关更多信息,请参阅离线访问部分开发者指南。
I'm developing an app that accesses Google APIs (starting with Calendar API) using OAuth2 and the google client libraries for that (is on Appengine and GWT BTW).
I have implemented my OAuth2Call back servlet, extending the Google AbstractAppEngineAuthorizationCodeCallbackServlet.
I have it working, I get access and can look at calendars etc, but have two problems:
1) I do not get a refresh token, despite explicitly requesting offline access:
public static GoogleAuthorizationCodeFlow newFlow( String scope ) throws IOException {
GoogleAuthorizationCodeFlow.Builder builder = new GoogleAuthorizationCodeFlow.Builder(
HTTP_TRANSPORT,
JSON_FACTORY,
getClientSecrets(),
Collections.singleton( scope ) );
builder.setCredentialStore( new AppEngineCredentialStore() ).setAccessType("offline");
return builder.build();
}
2) I cannot see how to set the automatic refresh functionality. These pages describe the methods:
But I can't see where to add the refresh listener. There is no such method in the GoogleAuthorizationCodeFlow.Builder class, unlike the Credential.Builder class
EDIT
After debugging the code more, when the credential comes back (in the onSuccess() method) it seems to have a RefreshListener set already.....so maybe that's their by default, and my only problem is I'm not getting a refresh_token, despite asking for it.
Maybe need to review settings in the Google API Console also?
One thing you should be careful about: a refresh token is returned (in addition to the access token) only when the user gives consent explicitly for the requested scopes. Basically, when the approval page is shown. All subsequent flows will only return an access token.
Now, in order to test your application and make sure you receive the refresh token the first time around, you could use the approval_prompt=force parameter (builder.setApprovalPrompt("force")) to make sure the approval page is shown in the flow and you obtain explicit consent from the user. After you sort out any issues and make sure the refresh tokens are stored properly, you can remove that flag (the default is auto)
More information is also available in the offline access section in the developer guide.
这篇关于如何获取离线令牌和刷新令牌以及自动刷新对Google API的访问权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
