Refresh token in OAuth 2.0
I am making an OAuth 2.0 request and it is returning me JSON with refresh_token and access_token, why are there 2 in OAuth2.0?
I read this question on SO but that didn't help me much. Any help in this regard will be appreciated. Thanks
The access token is what you will use to authenticate your service requests. It generally contains details about the user or is directly mapped to the permissions about the user and the permissions that he has granted. These tokens are short-lived - something like one hour, the actual duration differs per provider.
The refresh tokens on the other hand are used to get a new access token when the one that you have expires. They have a much longer (sometimes infinite, until explicitly revoked) lifetime.
Now, let's consider an end to end scenario. Let's say you create an app that does Facebook actions on a user's behalf - post on their timeline etc.
refresh + access tokens
call the API.
PS - This is not how it happens for Facebook actually. This was just a random example to explain how refresh and access tokens differ.
If this makes sense, go back to the question that you have linked. It has some really good answers. :)
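
The two lifetimes described in the answer above, as an added example that is not part of the original answer: a toy in-memory authorization server and a client that renews its access token with the refresh token. AuthServer, Client and their method names are hypothetical, and the one-hour TTL is an assumption taken from the answer's "something like one hour".

```python
import secrets
class AuthServer:
    """Toy in-memory authorization server, constructed for this example."""
    ACCESS_TTL = 3600  # seconds; assumed from "something like one hour"

    def __init__(self, clock):
        self.clock = clock   # injectable clock so expiry can be simulated
        self.access = {}     # access_token -> (user, expires_at)
        self.refresh = {}    # refresh_token -> user, valid until revoked

    def _new_access(self, user):
        tok = secrets.token_urlsafe(16)
        self.access[tok] = (user, self.clock() + self.ACCESS_TTL)
        return tok

    def login(self, user):
        # Initial grant: the JSON with both tokens that the question describes.
        rt = secrets.token_urlsafe(32)
        self.refresh[rt] = user
        return {"access_token": self._new_access(user), "refresh_token": rt,
                "expires_in": self.ACCESS_TTL}

    def refresh_grant(self, refresh_token):
        # grant_type=refresh_token: trade the long-lived token for a new access token.
        user = self.refresh.get(refresh_token)
        if user is None:
            raise PermissionError("invalid_grant")  # revoked or unknown token
        return {"access_token": self._new_access(user), "expires_in": self.ACCESS_TTL}

    def revoke(self, refresh_token):
        self.refresh.pop(refresh_token, None)

    def api_call(self, access_token):
        # Resource-side check: only unexpired access tokens are accepted.
        user, exp = self.access.get(access_token, (None, 0))
        if user is None or self.clock() >= exp:
            raise PermissionError("invalid_token")
        return f"posted as {user}"

class Client:
    def __init__(self, server, tokens):
        self.server, self.tokens = server, dict(tokens)
    def call(self):
        try:
            return self.server.api_call(self.tokens["access_token"])
        except PermissionError:
            # Access token rejected: renew without involving the user again.
            self.tokens.update(self.server.refresh_grant(self.tokens["refresh_token"]))
            return self.server.api_call(self.tokens["access_token"])
```

Only the refresh token survives the hour, so a leaked access token has a bounded window of use, while revoking the refresh token ends the client's ability to renew.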