谷歌 oauth2 id_token 与 refresh_token
[英]google oauth2 id_token vs refresh_token
问题描述
I'm trying to use Google OAuth2 to get user's contact info.
我正在尝试使用 Google OAuth2 获取用户的联系信息。 I'm not struggling with getting accesses, I am wondering that for some reason I've stopped getting refresh_token instead I get id_token ( long JWT string ).我并没有为获得访问权而苦苦挣扎,我想知道由于某种原因我已经停止获取refresh_token而是得到id_token (长 JWT 字符串)。 I use python urllib to retrieve access information for users.我使用 python urllib来检索用户的访问信息。 My code is:我的代码是:
scope = 'https://accounts.google.com/o/oauth2/token'
params = urllib.urlencode({
'code': request.GET['code'],
'redirect_uri': settings.SOCIAL_AUTH_GOOGLE_REDIRECT_URI,
'client_id': settings.SOCIAL_AUTH_GOOGLE_OAUTH2_KEY,
'client_secret': settings.SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET,
'grant_type': 'authorization_code',
})
Response:回复:
{u'access_token': u'hash',
u'token_type': u'Bearer',
u'expires_in': 3600,
u'id_token': u'really long hash'}
I use contacts scope https://www.google.com/m8/feeds/contacts/default/full?alt=json When I'm trying to add to params access_type : offline I get the error below:我使用联系人范围https://www.google.com/m8/feeds/contacts/default/full?alt=json当我尝试添加到 params access_type : offline我收到以下错误:
Failed to retrive access_token. Status: 400
Message: {
"error" : "invalid_request",
"error_description" : "Parameter not allowed for this message type: access_type"
}
So after that I am wondering:所以在那之后我想知道:
- Can I use
id_tokenrefresh myaccess_token?我可以使用id_token刷新我的access_token吗? - If first is
True: How ?如果第一个是True:如何? - Are there any differences between types of users who are getting authenticated, because I noticed that sometimes you get
refresh_token, but I need to get it permanently, next time I make a OAuth2 flow I getid_token获得身份验证的用户类型之间是否有任何差异,因为我注意到有时您会得到refresh_token,但我需要永久获得它,下次我进行 OAuth2 流程时,我会得到id_token
2 个解决方案
解决方案1
1 2022-05-25 15:50:07
I'm sure I'm far too late to help here, but I ran into the same issue so hopefully this will help others.我确定我在这里提供帮助已经太晚了,但是我遇到了同样的问题,所以希望这对其他人有帮助。
Google ONLY provides the refresh_token on the first authorization. Google 仅在首次授权时提供 refresh_token。 If the account has already allowed access, the refresh_token will not be provided again.如果帐户已经允许访问,则不会再次提供 refresh_token。 Try revoking access to the app from your google account, then re-authorizing.尝试从您的谷歌帐户撤消对该应用程序的访问权限,然后重新授权。 You will then receive the refresh_token.然后您将收到 refresh_token。
解决方案2
0 2016-03-30 09:35:06
If you need a refresh token, you better add access_type=offline and approval_prompt=force onto https://accounts.google.com/o/oauth2/auth?如果您需要刷新令牌,最好将 access_type=offline 和 approval_prompt=force 添加到https://accounts.google.com/o/oauth2/auth?
var url = 'https://accounts.google.com/o/oauth2/auth?' +
'client_id=' + CLIENT_ID + '&' +
'response_type=code&access_type=offline&approval_prompt=force&' +
'redirect_uri=' + encodeURIComponent(REDIRECT_URL) +
'&scope=' + SCOPES;
Then the returned code will always give you a refresh code in the next handshake with https://www.googleapis.com/oauth2/v4/token然后返回的代码将始终在与https://www.googleapis.com/oauth2/v4/token的下一次握手中为您提供刷新代码
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.