
Refresh token in OAuth 2.0

I am making an OAuth 2.0 request and it is returning me JSON with refresh_token and access_token. Why are there 2 in OAuth 2.0?

  • Which one is short lived?
  • What is the purpose of both?

I read this question on SO but that didn't help me much. Any help in this regard will be appreciated. Thanks

The access token is what you will use to authenticate your service requests. It generally contains details about the user or is directly mapped to the permissions of the user and the permissions that he has granted.
These tokens are short lived - something like one hour; the actual duration differs per provider.

The refresh tokens, on the other hand, are used to get a new access token when the one that you have expires. They have a much longer (sometimes infinite, until explicitly revoked) lifetime.

Now, let's consider an end to end scenario. Let's say you create an app that does Facebook actions on a user's behalf - post on their timeline etc.

  • Your app redirects the user to log in to Facebook - you use the Facebook SDK for this.
  • When the user successfully logs in and gives you the required permissions (post on timeline) you get an access token and a refresh token.
  • Your app can now hit the Facebook API to post on the user's timeline on his behalf with the access token. This token can be used for one hour (or whatever time the access token is valid).
  • Once the token is about to expire, you can hit a Facebook API to refresh the access token, as this one is about to expire. So, you call into the API with refresh + access tokens.
  • The API returns a new access token to you - you can use this now till it expires.

PS - This is not how it happens for Facebook actually. This was just a random example to explain how refresh and access tokens differ.

If this makes sense, go back to the question that you have linked. It has some really good answers. :)
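The scenario in the answer above, written out as runnable client-side code. This is an added example, not code from the post or from any provider's SDK: the authorization server is a constructed in-memory stand-in (`MockAuthServer`), and the client ids, secrets and timestamps are made up. The refresh request itself has the shape RFC 6749 section 6 specifies (`grant_type=refresh_token` plus the refresh token and the client's credentials; the access token is not sent). Two behaviours shown here are provider choices rather than requirements and are assumptions of the example: the refresh token is rotated on every use, and the client refreshes shortly before expiry rather than waiting for a 401.

```python
"""OAuth 2.0 access vs. refresh tokens: short-lived bearer, long-lived refresh.

Added example. MockAuthServer is a constructed stand-in for a provider's token
endpoint; a real client would POST the same form body over HTTPS instead.
"""
import secrets
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode


class MockAuthServer:
    """Constructed provider: access tokens live `access_ttl` seconds, refresh
    tokens live until revoked and are single-use (rotated on each refresh)."""

    def __init__(self, client_id: str, client_secret: str, access_ttl: int = 3600):
        self.client_id, self.client_secret, self.access_ttl = client_id, client_secret, access_ttl
        self.access_tokens: dict[str, float] = {}   # access token -> expiry (epoch seconds)
        self.refresh_tokens: set[str] = set()        # currently valid refresh tokens

    def _issue(self, now: float) -> dict:
        access, refresh = secrets.token_urlsafe(24), secrets.token_urlsafe(32)
        self.access_tokens[access] = now + self.access_ttl
        self.refresh_tokens.add(refresh)
        return {"access_token": access, "token_type": "Bearer",
                "expires_in": self.access_ttl, "refresh_token": refresh}

    def authorize(self, now: float) -> dict:
        """Stands in for the code-for-token exchange after the user consents."""
        return self._issue(now)

    def token_endpoint(self, body: str, now: float) -> dict:
        """Handle a form-encoded refresh_token grant (RFC 6749 section 6)."""
        form = {k: v[0] for k, v in parse_qs(body).items()}
        if (form.get("client_id"), form.get("client_secret")) != (self.client_id, self.client_secret):
            return {"error": "invalid_client"}
        if form.get("grant_type") != "refresh_token":
            return {"error": "unsupported_grant_type"}
        refresh = form.get("refresh_token")
        if refresh not in self.refresh_tokens:
            return {"error": "invalid_grant"}   # unknown, revoked, or already used
        self.refresh_tokens.discard(refresh)     # rotation: a refresh token works once
        return self._issue(now)

    def resource(self, access: str, now: float) -> bool:
        """What the resource server checks: is this bearer token still valid?"""
        return self.access_tokens.get(access, 0.0) > now

    def revoke_refresh(self, refresh: str) -> None:
        """The user removes the app from their account."""
        self.refresh_tokens.discard(refresh)


@dataclass
class TokenClient:
    server: MockAuthServer
    client_id: str
    client_secret: str
    access_token: str = ""
    refresh_token: str = ""
    expires_at: float = 0.0
    skew: int = 60   # refresh this many seconds before the access token expires

    def _store(self, resp: dict, now: float) -> None:
        self.access_token = resp["access_token"]
        self.expires_at = now + resp["expires_in"]
        # A provider may omit refresh_token in a refresh response; keep the old one then.
        self.refresh_token = resp.get("refresh_token", self.refresh_token)

    def login(self, now: float) -> None:
        self._store(self.server.authorize(now), now)

    def refresh(self, now: float) -> None:
        # Only the refresh token and client credentials are sent; the expired
        # access token plays no part. (Secret in the body is one option RFC 6749
        # allows; HTTP Basic auth is the other.)
        body = urlencode({"grant_type": "refresh_token", "refresh_token": self.refresh_token,
                          "client_id": self.client_id, "client_secret": self.client_secret})
        resp = self.server.token_endpoint(body, now)
        if "error" in resp:
            raise PermissionError(resp["error"])   # invalid_grant -> user must re-authorize
        self._store(resp, now)

    def bearer(self, now: float) -> str:
        """Return a usable access token, refreshing first if it is about to expire."""
        if now >= self.expires_at - self.skew:
            self.refresh(now)
        return self.access_token


def walkthrough() -> dict:
    """Run the end-to-end scenario from the answer and report what happened."""
    server = MockAuthServer("app123", "s3cret", access_ttl=3600)
    client = TokenClient(server, "app123", "s3cret")
    t0 = 1_700_000_000.0
    client.login(t0)                                   # user logs in and consents
    first, first_refresh = client.bearer(t0), client.refresh_token
    unchanged = client.bearer(t0 + 1000) == first      # still fresh: no refresh call
    second = client.bearer(t0 + 3550)                  # inside the skew window: refreshed
    replay = server.token_endpoint(urlencode({         # old refresh token is spent
        "grant_type": "refresh_token", "refresh_token": first_refresh,
        "client_id": "app123", "client_secret": "s3cret"}), t0 + 3550)
    server.revoke_refresh(client.refresh_token)        # user removes the app
    try:
        client.bearer(t0 + 7200)
        revoked_error = None
    except PermissionError as exc:
        revoked_error = str(exc)
    return {"first_valid_at_t0": server.resource(first, t0), "unchanged": unchanged,
            "rotated": second != first and client.refresh_token != first_refresh,
            "second_valid": server.resource(second, t0 + 3550),
            "first_expired": not server.resource(first, t0 + 3601),
            "replay": replay.get("error"), "revoked_error": revoked_error}
```

Running `walkthrough()` shows the split the answer describes: the access token is what the resource server checks and it stops working after its `expires_in`; the refresh token never touches the resource server and only ever goes to the token endpoint, so a stolen access token has a bounded life while a stolen refresh token must be revoked. Rotation limits that second case further, because a replayed refresh token is rejected with `invalid_grant`, which is also the signal that the user must be sent back through the login flow.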

