使用API无许可屏幕将文件通过PHP上传到Google Drive [英] Upload file via PHP to Google Drive using API no consent screen
问题描述
按照本教程中的步骤,我可以通过API将文件上传到我的Google云端硬盘,优先级为无需用户确认同意即可上传文件。
如何做我授权应用程序(网页或安装),无需用户干预? (canonical?)
但是,我注意到Refresh Token必须每次更新,因此,我寻找另一种解决方案来发送文件没有同意屏幕发送给用户。
在第一个小时内一切进展顺利,但是,现在它不返回TOKEN,因此不再进行上传。
<?phpfunction get_access_token $ force_refresh = false){global $ client_id,$ client_secret,$ refresh_token,$ verbose; if($ verbose){echo>检索访问令牌< br /> ; } $ token_filename =/ tmp / access_token_。 md5($ client_id。$ client_secret。$ refresh_token); $ access_token =; if(!file_exists($ token_filename)|| $ force_refresh === true){//没有先前的访问令牌,让我们得到一个if($ verbose){echo>获取新的< br /> ; } $ ch = curl_init(); curl_setopt($ ch,CURLOPT_URL,https://accounts.google.com/o/oauth2/token); curl_setopt($ ch,CURLOPT_PORT,443); curl_setopt($ ch,CURLOPT_SSL_VERIFYPEER,false); curl_setopt($ ch,CURLOPT_POST,1); curl_setopt($ ch,CURLOPT_POSTFIELDS,client_id = {$ client_id}& client_secret = {$ client_secret}& refresh_token = {$ refresh_token}& grant_type = refresh_token); curl_setopt($ ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ ch,CURLOPT_HEADER,true); curl_setopt($ ch,CURLOPT_HTTPHEADER,array(Content-Type:application / x-www-form-urlencoded));回声卷曲错误:。 curl_error($ ch)。 < br />; $ response = curl_exec($ ch); $ response = parse_response($ response); // todo:确保我们在从它获取访问令牌之前得到了有效的响应$ access_token = json_decode($ response [body]); $ access_token = $ access_token-> access_token; file_put_contents($ token_filename,$ access_token); } else {//我们已经有了一些缓存的东西,有些运气它仍然有效$ access_token = file_get_contents($ token_filename); if($ verbose){echo> from cache< br> ; }} if($ access_token ==){echoERROR:获取访问令牌的问题< br /> ;退出(1); } $返回$ access_token;}?>>
$ b
我的应用程序与谷歌驱动器没有同意屏幕,并没有需要总是续订这个TOKEN? 解决方案
提到。
您误解了刷新令牌的含义。一旦你有一个刷新令牌,你应该安全地存储它,并在需要访问令牌时重用它。刷新令牌不会过期 - 通常情况下不会,见下文。所以当你说我注意到刷新令牌必须每次更新时,这是不正确的。
你通常只会得到一个刷新令牌它被要求的时间。随后的请求将返回一个空值。用户需要撤销授权并重新授权才能获得另一个令牌。但是,您应该再次存储您获得的第一个刷新令牌,并无限期地重复使用。
在刷新令牌到期时...
刷新令牌非常非常很久以前,他们有时会被谷歌过期。一种情况(我从传闻中相信)是,如果用户更改密码,令牌可能会过期。这是有道理的,因为存储的刷新令牌大致类似于存储的用户名/密码。我还看到令牌在创建后6个月左右没有明显的理由到期。
Following the steps in this tutorial, I was able to upload a file to my Google Drive via API, the priority is to upload it without the user doing the confirmation of consent.
How do I authorise an app (web or installed) without user intervention? (canonical ?)
However, I noticed that the Refresh Token has to be updated every time and for this reason, I looked for another solution to send files without the consent screen being sent to the user.
In the first hours everything went well, however, now it does not return TOKEN and consequently no longer carries the upload.
<?php
function get_access_token( $force_refresh=false ) {
global $client_id, $client_secret, $refresh_token, $verbose ;
if( $verbose ) { echo "> retrieving access token<br />" ; }
$token_filename = "/tmp/access_token_" . md5( $client_id . $client_secret . $refresh_token ) ;
$access_token = "" ;
if( !file_exists($token_filename) || $force_refresh===true ) {
// no previous access token, let's get one
if( $verbose ) { echo "> getting new one<br />" ; }
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, "https://accounts.google.com/o/oauth2/token" ) ;
curl_setopt( $ch, CURLOPT_PORT , 443 ) ;
curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ) ;
curl_setopt( $ch, CURLOPT_POST, 1 ) ;
curl_setopt( $ch, CURLOPT_POSTFIELDS, "client_id={$client_id}&client_secret={$client_secret}&refresh_token={$refresh_token}&grant_type=refresh_token" ) ;
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 ) ;
curl_setopt( $ch, CURLOPT_HEADER, true ) ;
curl_setopt( $ch, CURLOPT_HTTPHEADER, array("Content-Type: application/x-www-form-urlencoded") ) ;
echo "Curl error: " . curl_error($ch) . "<br />";
$response = curl_exec( $ch ) ;
$response = parse_response( $response ) ;
// todo: make sure that we got a valid response before retrieving the access token from it
$access_token = json_decode( $response["body"] ) ;
$access_token = $access_token->access_token ;
file_put_contents( $token_filename, $access_token ) ;
} else {
// we already have something cached, with some luck it's still valid
$access_token = file_get_contents( $token_filename ) ;
if( $verbose ) { echo "> from cache<br />" ; }
}
if( $access_token=="" ) {
echo "ERROR: problems getting an access token<br />" ;
exit( 1 ) ;
}
return $access_token ;
}
?>
Is it possible to integrate my application with Google Drive without the consent screen and without the need to always renew this TOKEN?
I wrote the answer you referred to.
You've misunderstood what a refresh token is. Once you have a refresh token you should store it securely and reuse it whenever you want an access token. The refresh token does NOT expire - well not usually, see below. So when you say "I noticed that the Refresh Token has to be updated every time", that isn't true.
You will normally only get a refresh token the first time it is requested. Subsequent requests will return a null. The user will need to revoke authorization and re-authorize to get another token. But again, you should store the first refresh token you get and reuse that indefinitely.
On expiring refresh tokens... Whereas a refresh token is very very long lived, they are sometimes expired by Google. One situation (I believe from hearsay) is that tokens can be expired if the user changes his password. This would make sense since a stored refresh token is roughly analogous to a stored username/password. I've also seen tokens expire for no apparent reason, 6 months or so after being created.
这篇关于使用API无许可屏幕将文件通过PHP上传到Google Drive的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
