iOS:GPPSignInButton始终要求“具有脱机访问权限”允许 [英] iOS: GPPSignInButton always asks for "Have offline access" Permission
问题描述
我已根据以下内容设置了GPPSignInButton:
I've set up the GPPSignInButton based on the following:
https://developers.google.com/+/mobile/ios/sign-in#enable_server-side_api_access_for_your_app
let googleSignIn = GPPSignIn.sharedInstance()
googleSignIn.clientID = GoogleClientID
googleSignIn.attemptSSO = true
googleSignIn.homeServerClientID = GoogleServerClientID
googleSignIn.scopes = ["https://www.googleapis.com/auth/plus.login", "https://www.googleapis.com/auth/plus.profile.emails.read"]
googleSignIn.delegate = self
googleSignInButton.colorScheme = kGPPSignInButtonColorSchemeLight
googleSignInButton.style = kGPPSignInButtonStyleWide
当用户第一次登录时,它会要求输入正确的权限并返回 idToken ded到服务器并交换了access_token / refresh_token。
When the user signs in the first time it asks for the correct permissions and returns the idToken which gets forwarded to the server and exchanged for an access_token/refresh_token.
但是在调用 GPPSignIn.sharedInstance()之后.ignOut(),再次登录将始终要求有离线访问权限。
However after calling GPPSignIn.sharedInstance().signOut(), signing in again will always ask for the "Have offline access" permission.
我已阅读其他一些引用此内容的SO帖子及其中大部分内容参考URL参数approval_prompt和access_type。鉴于我正在使用iOS SDK,我无法设置这些参数。
I've read through some of the other SO posts referencing this and most of them reference URL parameters "approval_prompt" and "access_type". Given that I'm using the iOS SDK, I don't have the ability to set these parameters.
应用程序在Web视图中路由到的URL是:
The url that the app routes to in the web view is:
https://accounts.google.com/o/oauth2/auth?gpsdk=1.7.1&audience=<server-client-id>&response_type=code&verifier=94014002&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fplus.login%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fplus.profile.emails.read&gpbtn=1.1&hl=en&redirect_uri=<redirect_uri>&client_id=<client-id>&state=702574
我在服务器端有相同的范围(登录和电子邮件),我无法弄清楚我还需要做什么,所以它并不总是要求获得离线访问权限。
I have the same scopes ("login" and "email") on the server side, I can't figure out what else I need to do so it doesn't always ask for permission to have offline access.
推荐答案
我知道您使用的是Google的iOS SDK。
I understand that you are using Google's iOS SDK.
您所说的是Google API的默认行为。
What you are talking is the default behaviour of Google API.
使用以下解决方案,您可以使用将approval_prompt = force和access_type = offline参数添加到网址。
Using below solution you can add "approval_prompt=force" and "access_type=offline" parameters to the URL.
解决方案:
所以当添加这些参数时,您必须修改GTMOAuth2SignIn.m 并将paramsDict替换为以下NSMutableDictionary:
So as to add these parameters, you will have to modify GTMOAuth2SignIn.m and replace the "paramsDict" with following NSMutableDictionary:
NSMutableDictionary *paramsDict = [NSMutableDictionary dictionaryWithObjectsAndKeys:
@"code", @"response_type",
clientID, @"client_id",
scope, @"scope",
@"force", @"approval_prompt",
@"offline", @"access_type",
nil];
我相信在此之后您的问题将得到解决。
I am sure after this your issue will be resolved.
更新:
对于GPPSignin类使用,您应该检查是否可以使用trySilentAuthentication。
这个api检查是否可以在没有用户交互的情况下登录。
For GPPSignin class usage you should check whether trySilentAuthentication is possible. this api checks if the Signin is possible without user interaction.
有关trySilentAuthentication的说明
当您调用authenticate时,sdk会在用户的钥匙串中保存一个长期存在的令牌,以及用于进行API调用的短期令牌。调用trySilentAuthentication检查长期存在的令牌是否在密钥链中,并生成一个新的短期令牌。如果成功,则意味着用户之前已在该设备上登录该应用程序,因此您通常希望对此进行适当的响应。如果它失败(没有令牌)它将只返回false,或者如果它不能生成一个短期令牌,它将调用finishedWithAuth:error并设置错误。
When you call authenticate, sdk saves a long lived token in the keychain for the user, as well as a short lived token for making API calls. Calling trySilentAuthentication checks whether the long lived token is in the key chain, and generates a new short lived token. If it succeeds it means the user has signed in to that app on that device before, so you generally will want to respond to that appropriately. If it fails (there is no token) it will just return false, or if it can't generate a short lived token it will call finishedWithAuth:error with the error set.
这篇关于iOS:GPPSignInButton始终要求“具有脱机访问权限”允许的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
