从短命的生成长期访问令牌？ [英] Generate long-lived access token from short-lived one?

问题描述

我们的应用使用通常的短期访问+刷新令牌为用户提供一系列后台服务。这意味着现在和现在的服务都需要刷新令牌。

我们遇到了两个服务试图同时刷新令牌的问题，从而导致一个无效的令牌。

有没有更好的方法来生成一个不需要每小时刷新的可用访问令牌？$ b $为什么从刷新标记中生成更多的访问标记会导致错误，因此没有理由不这样做。从刷新令牌生成新的访问令牌时，现有的非过期访问令牌不会失效。
请检查您的代码是否有错误。

也无法生成长期存取令牌。你问的是如何oauth1 / clientlogin用于工作（他们过了2周而不是1小时）。在oauth2中，没有长期存取令牌这样的事情。

Our app uses the usual short-lived access + refresh tokens to do a bunch of background services for users. This means that every now and then the services need to refresh the tokens.

We've run into an issue where 2 services try to refresh a token at the same time, thus resulting in an invalid token.

Is there a better way to generate a usable access token that doesn't require a refresh every hour?

解决方案

there is no reason why generating more access tokens from refresh tokens would cause an error.
existing non-expired access tokens are not invalidated when a new one is produced from the refresh token. check your code for errors there.
also there is no way to generate a long lived access token. what you ask is how oauth1/clientlogin used to work (they expired after 2 weeks instead of 1 hour). in oauth2 there is no such thing as a long lived access token.

这篇关于从短命的生成长期访问令牌？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！