Use OAuth Refresh Token to Obtain New Access Token - Google API(使用 OAuth Refresh Token 获取新的 Access Token - Google API)
问题描述
我的应用很简单,它连接到 Google+ API 对用户进行身份验证,如果成功,它会检索用户的电子邮件,然后根据电子邮件对给定的数据库执行一系列操作取回.
My app is simple, it connects to the Google+ API to authenticate the user, and if successful, it retrieves the user's email and then performs a series of operations on a given database based on the email retrieved.
我的主要问题是,我的访问令牌每小时都会过期,而我似乎不知道如何刷新"它.我收到以下错误,我认为这是预期的:
My main issue is that every hour, my access token expires, and I seem not to know how to "refresh" it. I get the following error, which I imagine is expected:
The OAuth 2.0 access token has expired, and a refresh token is not available.
我目前正在将访问令牌存储在数据库中,因此我可以根据需要进行检索.我唯一的问题是如何使用该令牌来获得新令牌?
I am currently storing the access token on a database, and I can therefore retrieve if needed. My only question is how do I use that token to gain a new one?
推荐答案
哇,我花了很长时间才弄明白这个问题,而且这些答案对我来说似乎很不完整.
Whoa, it took me significantly longer to figure this out, and the answers out there seemed quite incomplete to me.
在我们开始之前请记住,这个答案假设您使用的是最新的 Google APIPHP 库,截至 2014 年 5 月 26 日.
Before we start please keep in mind that this answer assumes you are using the latest Google API PHP Library, as of May 26th of 2014.
1 - 确保您的应用请求的访问类型是offline
.refresh_token
否则不提供.来自 Google:此字段仅在授权代码请求中包含 access_type=offline 时才存在.
1 - Make sure the access type your app requests is offline
. A refresh_token
is not provided otherwise. From Google: This field is only present if access_type=offline is included in the authorization code request.
$gClient->setAccessType('offline');
2 - 在第一次授权时,保留提供的 refresh_token
以供进一步访问.这可以通过cookies、数据库等来完成.我选择存储在数据库中:
2 - Upon the first authorization, persist the provided refresh_token
for further access. This can be done via cookies, database, etc. I chose to store in on a database:
$tokens = json_decode($gClient->getAccessToken()); /* Get a JSON object */
setRefreshToken($con, $tokens->refresh_token /* Retrieve form JSON object */);
3 - 检查 AccessToken
是否已过期,如果是这种情况,请从 Google 请求刷新的令牌.
3 - Check if the AccessToken
has expired, and request a refreshed token from Google if such is the case.
if ($gClient->isAccessTokenExpired()) {
$refreshToken = getRefreshToken($con, $email);
$gClient->refreshToken($refreshToken);
}
其中 getRefreshToken
是从我们的数据库中检索先前存储的 refresh_token
,然后我们将该值传递给客户端的 refreshToken
方法.
Where getRefreshToken
is retrieving the previously stored refresh_token
from our database, and then we pass that value to the Client's refreshToken
method.
快速说明:重要的是要记住,如果您之前已授权您的应用程序,您可能不会在响应中看到 refresh_token
,因为它仅提供我们第一次调用authenticate
.因此,您可以转到 https://www.google.com/settings/security 和撤消对您的应用的访问权限,或者您可以在创建客户端对象时添加以下行:
Quick Note: It's key to remember that if you had previously authorized your app, you probably won't see a refresh_token
on the response, since it is only provided the first time we call authenticate
. Therefore, you can either go to https://www.google.com/settings/security and Revoke Access to your app or you can add the following line when creating the Client object:
$gClient->setApprovalPrompt('force');
来自 Google:如果值为 force,则用户会看到一个同意页面,即使他们之前就给定的一组范围同意了您的应用程序.这反过来又确保了 refresh_token
在每次授权中提供.
From Google: If the value is force, then the user sees a consent page even if they previously gave consent to your application for a given set of scopes. Which in turn ensures that a refresh_token
is provided on each authorization.
完整示例:http://pastebin.com/jA9sBNTk
这篇关于使用 OAuth Refresh Token 获取新的 Access Token - Google API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:使用 OAuth Refresh Token 获取新的 Access Token - Google API
基础教程推荐
- phpmyadmin 错误“#1062 - 密钥 1 的重复条目‘1’" 2022-01-01
- 找不到类“AppHttpControllersDB",我也无法使用新模型 2022-01-01
- HTTP 与 FTP 上传 2021-01-01
- PHP 守护进程/worker 环境 2022-01-01
- 如何在 XAMPP 上启用 mysqli? 2021-01-01
- 在 yii2 中迁移时出现异常“找不到驱动程序" 2022-01-01
- 在 CakePHP 2.0 中使用 Html Helper 时未定义的变量 2021-01-01
- 使用 PDO 转义列名 2021-01-01
- Doctrine 2 - 在多对多关系中记录更改 2022-01-01
- 如何在 Symfony 和 Doctrine 中实现多对多和一对多? 2022-01-01