使用 OAuth Refresh Token 获取新的 Access Token - Google API

我的应用很简单,它连接到 Google+ API 对用户进行身份验证,如果成功,它会检索用户的电子邮件,然后根据电子邮件对给定的数据库执行一系列操作取回.

My app is simple, it connects to the Google+ API to authenticate the user, and if successful, it retrieves the user's email and then performs a series of operations on a given database based on the email retrieved.

我的主要问题是,我的访问令牌每小时都会过期,而我似乎不知道如何刷新"它.我收到以下错误,我认为这是预期的:

My main issue is that every hour, my access token expires, and I seem not to know how to "refresh" it. I get the following error, which I imagine is expected:

The OAuth 2.0 access token has expired, and a refresh token is not available.

我目前正在将访问令牌存储在数据库中,因此我可以根据需要进行检索.我唯一的问题是如何使用该令牌来获得新令牌?

I am currently storing the access token on a database, and I can therefore retrieve if needed. My only question is how do I use that token to gain a new one?

推荐答案

哇,我花了很长时间才弄明白这个问题,而且这些答案对我来说似乎很不完整.

Whoa, it took me significantly longer to figure this out, and the answers out there seemed quite incomplete to me.

在我们开始之前请记住,这个答案假设您使用的是最新的 Google APIPHP 库,截至 2014 年 5 月 26 日.

Before we start please keep in mind that this answer assumes you are using the latest Google API PHP Library, as of May 26th of 2014.

1 - 确保您的应用请求的访问类型是offline.refresh_token 否则不提供.来自 Google:此字段仅在授权代码请求中包含 access_type=offline 时才存在.

1 - Make sure the access type your app requests is offline. A refresh_token is not provided otherwise. From Google: This field is only present if access_type=offline is included in the authorization code request.

$gClient->setAccessType('offline');

2 - 在第一次授权时,保留提供的 refresh_token 以供进一步访问.这可以通过cookies、数据库等来完成.我选择存储在数据库中:

2 - Upon the first authorization, persist the provided refresh_token for further access. This can be done via cookies, database, etc. I chose to store in on a database:

$tokens = json_decode($gClient->getAccessToken()); /* Get a JSON object */
setRefreshToken($con, $tokens->refresh_token /* Retrieve form JSON object */);

3 - 检查 AccessToken 是否已过期,如果是这种情况,请从 Google 请求刷新的令牌.

3 - Check if the AccessToken has expired, and request a refreshed token from Google if such is the case.

if ($gClient->isAccessTokenExpired()) {    
  $refreshToken = getRefreshToken($con, $email); 
  $gClient->refreshToken($refreshToken);
}  

其中 getRefreshToken 是从我们的数据库中检索先前存储的 refresh_token,然后我们将该值传递给客户端的 refreshToken 方法.

Where getRefreshToken is retrieving the previously stored refresh_token from our database, and then we pass that value to the Client's refreshToken method.

快速说明:重要的是要记住,如果您之前已授权您的应用程序,您可能不会在响应中看到 refresh_token,因为它仅提供我们第一次调用authenticate.因此,您可以转到 https://www.google.com/settings/security 和撤消对您的应用的访问权限,或者您可以在创建客户端对象时添加以下行:

Quick Note: It's key to remember that if you had previously authorized your app, you probably won't see a refresh_token on the response, since it is only provided the first time we call authenticate. Therefore, you can either go to https://www.google.com/settings/security and Revoke Access to your app or you can add the following line when creating the Client object:

$gClient->setApprovalPrompt('force');

来自 Google:如果值为 force,则用户会看到一个同意页面,即使他们之前就给定的一组范围同意了您的应用程序.这反过来又确保了 refresh_token 在每次授权中提供.

From Google: If the value is force, then the user sees a consent page even if they previously gave consent to your application for a given set of scopes. Which in turn ensures that a refresh_token is provided on each authorization.

完整示例:http://pastebin.com/jA9sBNTk

相关文章