Passport - Node.js没有返回刷新令牌
[英]Passport - Node.js not returning Refresh Token
问题描述
I am trying to return a refreshToken using the passport module of node.js. 
我试图使用node.js的passport模块返回一个refreshToken。 However I am using the code below and I am unable to log any refresh token but the access token works fine. 但是我使用下面的代码,我无法记录任何刷新令牌,但访问令牌工作正常。 Is there any way to specify the access-type offline for this module to hopefully return this? 有没有办法为这个模块指定脱机访问类型,希望能够返回这个?
var GoogleStrategy = require('passport-google-oauth').OAuth2Strategy;
passport.use(new GoogleStrategy({
clientID: GOOGLE_CLIENT_ID,
clientSecret: GOOGLE_CLIENT_SECRET,
callbackURL: "http://myurl/auth/callback"
},
function(accessToken, refreshToken, profile, done) {
console.log(refreshToken);
process.nextTick(function () {
return done(null, [{token:accessToken}, {rToken:refreshToken}, {profile:profile}]);
});
}
));
This returns the refreshToken as undefined. 这会将refreshToken返回为undefined。
Any help would be greatly appreciated. 任何帮助将不胜感激。
2 个解决方案
解决方案1
22 已采纳 2014-03-13 19:34:34
This was solved with this link: 这通过以下链接解决:
https://github.com/jaredhanson/passport/issues/42 https://github.com/jaredhanson/passport/issues/42
specifically: 特别:
passport.authenticate('google', { scope: ['https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/userinfo.email'],
accessType: 'offline', approvalPrompt: 'force' });
Jared Hanson - bless you. 杰瑞德汉森 - 祝福你。
解决方案2
5 2017-06-12 19:16:08
All you need is accessType: 'offline' and you'll get the refreshToken on first login . 您只需要accessType: 'offline' ,您将在首次登录时获得refreshToken 。
You don't need approvalPrompt or prompt in the request. 您在请求中不需要 approvalPrompt或prompt 。
Note this only works on first login if you don't capture and save the refreshToken and associate it with a user account on first login you can't easily get it again. 请注意, 这仅适用于首次登录,如果您没有捕获并保存refreshToken并在首次登录时将其与用户帐户关联,则无法再次轻松获取。
If you didn't capture it the first time someone logs in you have two options: 如果您在第一次登录时未捕获它,则有两种选择:
If a user logs in and you don't have a refreshToken for them, you can immediately forceably log them out and tell them to go to https://myaccount.google.com/permissions and revoke access to your application then just sign in again.
如果用户登录并且您没有针对他们的refreshToken ,则可以立即强制将其注销,并告诉他们转到https://myaccount.google.com/permissions并撤消对您的应用的访问权限然后只需登录再次。 When they sign in again they will get the same prompt for access they got on first login and you will get the refreshToken on that first new login.
当他们再次登录时,他们将获得与首次登录时相同的访问提示,并且您将在第一次新登录时获得refreshToken 。 Just be sure to have a method in your callback in Passport to save the refreshToken to their user profile in your database. 确保在Passport中的回调中有一个方法将refreshToken保存到数据库中的用户配置文件中。 You can then use the refreshToken to request a rotating accessToken whenever you need to call an a Google API.
然后,您可以在需要调用Google API时使用refreshToken请求旋转accessToken 。 You could also add both
accessType: 'offline'andprompt: 'consent'options, but this is probably not what you want in a web based application.您还可以添加accessType: 'offline'和prompt: 'consent'选项,但这可能不是您在基于Web的应用程序中所需的。Using these will prompt every user to approve access to your app every time they sign in .
使用这些将提示每个用户每次登录时都批准对您的应用的访问权限。 Despite the name, approvalPrompt does not enforce this, at least not in the current version of the API (judging by the number of people mentioning it and how often oAuth APIs change it's entirely possible this behaviour used to be different). 尽管名字,approvalPrompt并不强制这一点,至少不会在API的当前版本(由人提到它和多久的OAuth的API数量来看改变它完全有可能这种行为曾经是不同的)。 This isn't a great approach for web based apps as it's not a great user experience but might be useful for debugging.
对于基于Web的应用程序而言,这不是一个很好的方法,因为它不是一个出色的用户体验,但可能对调试很有用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.