Google YouTube API刷新令牌未被发送 [英] Google YouTube API Refresh Token not being sent
问题描述
我试图在Google的文档中使用基于Google的Google YouTube数据API: https://developers.google.com/youtube/2.0/developers_guide_protocol_oauth2#OAuth2_Refreshing_a_Token 。我的问题出现在使用OAuth进行身份验证时。我使用的是以下授权URL,它与文档所说的使用URL完全相同,显然,除了我的redirect uri和应用程序密钥外。
$ this-> authorizationUrl ='https://accounts.google.com/o/oauth2/auth?';
$ this-> authorizationUrl。='client_id ='。 $ this-> applicationKey。 &安培;;
$ this-> authorizationUrl。='redirect_uri ='。 $ this-> redirect_uri。 /account.php?action=youtube_oauth&;
$ this-> authorizationUrl。='scope = https://gdata.youtube.com&';
$ this-> authorizationUrl。='response_type = code&';
$ this-> authorizationUrl。='access_type = offline';
然后,正如文档所说,我卷曲如下:
$ curl_options = Array(
CURLOPT_POSTFIELDS =>数组(
'code'=> $ code,
'client_id '=> $ this-> applicationKey,
'client_secret'=> $ this-> applicationSecret,
'redirect_uri'=> $ this-> redirect_uri。'/account.php 'action = youtube_oauth',
'grant_type'=>'authorization_code'
),
CURLOPT_RETURNTRANSFER => true,
CURLOPT_URL =>'https:// accounts。 google.com/o/oauth2/token'
);
但是,我的回应从来没有给我一个像他们的文档所说的那样的refresh_token。我只是得到其他三个响应项目。
以下是一些问题:获取刷新标记google api 已经说过要使用approval_prompt = force,但这也不起作用,并且完全无法使access_type = offline。
任何关于为什么我会在4个响应项中的3个中得到有效响应的想法?
来自OAuth2.0文档的离线访问部分:
当您的应用程序收到刷新令牌时,存储该刷新令牌以备将来使用时,
很重要。如果您的
应用程序丢失了刷新令牌,则必须在获得另一个刷新令牌之前,重新提示
用户同意。如果您需要
来重新提示用户同意,请在授权码请求中包含approval_prompt
参数,并将该值设置为
force
。
所以,如果您已经授予访问权限,对 authorization_code
的 grant_type
请求不会返回 refresh_token
,即使 access_type
在同意页面的查询字符串中设置为脱机
。
正如上面的报价中所述,为了在获得新 refresh_token
后获得一个,您需要通过设置 approval_prompt
到 force
。
干杯,
PS此变更已在博客文章以及。
I'm attempting to use the Google YouTube Data API with PHP based on Google's documentation here: https://developers.google.com/youtube/2.0/developers_guide_protocol_oauth2#OAuth2_Refreshing_a_Token. My problem comes in when authenticating with OAuth. I'm using the following authorization URL which is identical to the one the docs say to use except for my redirect uri and application key, obviously.
$this->authorizationUrl = 'https://accounts.google.com/o/oauth2/auth?';
$this->authorizationUrl .= 'client_id=' . $this->applicationKey . '&';
$this->authorizationUrl .= 'redirect_uri=' . $this->redirect_uri . '/account.php?action=youtube_oauth&';
$this->authorizationUrl .= 'scope=https://gdata.youtube.com&';
$this->authorizationUrl .= 'response_type=code&';
$this->authorizationUrl .= 'access_type=offline';
Then, as the docs say to, I cURL the following:
$curl_options = Array(
CURLOPT_POSTFIELDS => Array(
'code' => $code,
'client_id' => $this->applicationKey,
'client_secret' => $this->applicationSecret,
'redirect_uri' => $this->redirect_uri . '/account.php?action=youtube_oauth',
'grant_type' => 'authorization_code'
),
CURLOPT_RETURNTRANSFER => true,
CURLOPT_URL => 'https://accounts.google.com/o/oauth2/token'
);
However, my response never gives me a refresh_token like their documentation says it should. I just get the other three response items.
Some questions like this one: Get refresh token google api have said to use approval_prompt=force, but that doesn't work either and entirely defeats the purpose of having access_type=offline.
Any ideas as to why I'd get a valid response with 3 of the 4 response items?
From the offline access portion of the OAuth2.0 docs:
When your application receives a refresh token, it is important to store that refresh token for future use. If your application loses the refresh token, it will have to re-prompt the user for consent before obtaining another refresh token. If you need to re-prompt the user for consent, include the
approval_prompt
parameter in the authorization code request, and set the value toforce
.
So, when you have already granted access, subsequent requests for a grant_type
of authorization_code
will not return the refresh_token
, even if access_type
was set to offline
in query string of the consent page.
As stated in the quote above, in order to obtain a new refresh_token
after already receiving one, you will need to send your user back through the prompt, which you can do by setting approval_prompt
to force
.
Cheers,
PS This change was announced in a blog post as well.
这篇关于Google YouTube API刷新令牌未被发送的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!