如何自动登录Google API以获取OAuth 2.0令牌以访问已知的用户帐户 [英] How to automate login to Google API to get OAuth 2.0 token to access known user account

问题描述

好的，这个问题已经在这里之前被询问过了。在回答问题的答案中，用户告诉他在应用程序中存储 refresh_token （session和not db，尽管无论存储在哪里都没关系） 。在阅读Google上的文档之后，似乎 access_token 具有到期日期，在此日期之后它不再有效。现在，我们显然可以每隔固定的时间间隔自动刷新令牌，或者如果服务返回无效的令牌错误，从而延长令牌的使用寿命，但由于某种原因，这个手动过程感觉有点冒失。我的问题是：

• 这是通过手动访问已知用户帐户的Google日历/应用数据的最有效（/普遍接受的）方法登录并在应用程序中持久化令牌？或者是否有另一种机制允许我们以编程方式登录到此用户帐户并通过OAuth步骤？
在我的应用程序中，流程如下所示：


1. 如果没有 access_token 定义，将用户重定向到Google页面，在该页面中，用户可以访问访问其Google数据的应用程序。使用授权码获取 access_token 和 refresh_token
/ code>。您还应该保存返回的 expires_in 值，它告诉您何时 access_token 过期并且不能再使用。 / li>

2. 无论何时需要访问API，如果 access_token 过期，您可以检入数据库 - 如果是，请使用 refresh_token 在访问API之前获取新的 access_token 。



我没有遇到过这样做的问题 - 就用户而言，他们只需授予访问权限一次，然后应用程序就会从那里接受身份验证。



这应该可以解决您的问题，因为应用程序会根据用户最初授予对应用的访问权限，以编程方式保持自身的重新身份验证，而且您无需执行任何操作手动。实际上，我不确定还有其他方法可以做到这一点，因为要再次执行OAuth过程，用户必须坐在设备前面手动授予访问权限。这就是在你的数据库中保存 access_token 和 refresh_token 的关键。




Ok, so this question has been asked before here. In the response/answer to the question, the user tells him to store the refresh_token in the application (session and not db, although it doesn't matter where you store it). After going through the documentation on Google, it seems that the access_token has an expiration date after which it is no longer valid. Now, we could obviously automatically refresh the token every fixed interval or if the service returns an invalid token error, thereby prolonging the lifespan of the token, but for some reason, this manual process feels a bit hacky. My questions is:

• Is this most effective (/generally accepted) way to access google calendar/app data for a known user account by manually logging in and persisting the token in the application? Or is there another mechanism that allows us to programmatically login to this user account and go through the OAuth steps?

解决方案

In my application, the flow is like this:

1. If no access_token defined, redirect the user to the Google page where they grant access to your application accessing their Google data. This returns an authorization code to your app.
2. Use the authorization code to get an access_token and refresh_token. You should also save the expires_in value returned, which tells you when the access_token expires and can no longer be used.
3. Whenever you need to access the API, you can check in your DB if the access_token is expired - if so, use the refresh_token to get a new access_token before accessing the API.

I haven't run in to any problems doing it this way - as far as the user is concerned, they only need to grant access once, then the app takes care of the authentication from there on.

That should solve your problem, because the app programmatically keeps re-authenticating itself based on the user initially granting access to your app, and you don't need to do anything manually. In fact, I'm not sure there's any other way to do it, because to do the OAuth process again, the user has to be sitting in front of the device to manually grant access. That's the point of persisting the access_token and refresh_token in your database.

这篇关于如何自动登录Google API以获取OAuth 2.0令牌以访问已知的用户帐户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！