[英]google oauth2 id_token vs refresh_token
I'm trying to use Google OAuth2 to get user's contact info.我正在尝试使用 Google OAuth2 获取用户的联系信息。 I'm not struggling with getting accesses, I am wondering that for some reason I've stopped getting
refresh_token
instead I get id_token
( long JWT string ).我并没有为获得访问权而苦苦挣扎,我想知道由于某种原因我已经停止获取
refresh_token
而是得到id_token
(长 JWT 字符串)。 I use python urllib
to retrieve access information for users.我使用 python
urllib
来检索用户的访问信息。 My code is:我的代码是:
scope = 'https://accounts.google.com/o/oauth2/token'
params = urllib.urlencode({
'code': request.GET['code'],
'redirect_uri': settings.SOCIAL_AUTH_GOOGLE_REDIRECT_URI,
'client_id': settings.SOCIAL_AUTH_GOOGLE_OAUTH2_KEY,
'client_secret': settings.SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET,
'grant_type': 'authorization_code',
})
Response:回复:
{u'access_token': u'hash',
u'token_type': u'Bearer',
u'expires_in': 3600,
u'id_token': u'really long hash'}
I use contacts scope https://www.google.com/m8/feeds/contacts/default/full?alt=json
When I'm trying to add to params access_type : offline
I get the error below:我使用联系人范围
https://www.google.com/m8/feeds/contacts/default/full?alt=json
当我尝试添加到 params access_type : offline
我收到以下错误:
Failed to retrive access_token. Status: 400
Message: {
"error" : "invalid_request",
"error_description" : "Parameter not allowed for this message type: access_type"
}
So after that I am wondering:所以在那之后我想知道:
id_token
refresh my access_token
?id_token
刷新我的access_token
吗?True
: How ?True
:如何?refresh_token
, but I need to get it permanently, next time I make a OAuth2 flow I get id_token
refresh_token
,但我需要永久获得它,下次我进行 OAuth2 流程时,我会得到id_token
I'm sure I'm far too late to help here, but I ran into the same issue so hopefully this will help others.我确定我在这里提供帮助已经太晚了,但是我遇到了同样的问题,所以希望这对其他人有帮助。
Google ONLY provides the refresh_token on the first authorization. Google 仅在首次授权时提供 refresh_token。 If the account has already allowed access, the refresh_token will not be provided again.
如果帐户已经允许访问,则不会再次提供 refresh_token。 Try revoking access to the app from your google account, then re-authorizing.
尝试从您的谷歌帐户撤消对该应用程序的访问权限,然后重新授权。 You will then receive the refresh_token.
然后您将收到 refresh_token。
If you need a refresh token, you better add access_type=offline and approval_prompt=force onto https://accounts.google.com/o/oauth2/auth?
如果您需要刷新令牌,最好将 access_type=offline 和 approval_prompt=force 添加到
https://accounts.google.com/o/oauth2/auth?
var url = 'https://accounts.google.com/o/oauth2/auth?' +
'client_id=' + CLIENT_ID + '&' +
'response_type=code&access_type=offline&approval_prompt=force&' +
'redirect_uri=' + encodeURIComponent(REDIRECT_URL) +
'&scope=' + SCOPES;
Then the returned code will always give you a refresh code in the next handshake with https://www.googleapis.com/oauth2/v4/token
然后返回的代码将始终在与
https://www.googleapis.com/oauth2/v4/token
的下一次握手中为您提供刷新代码
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.