[英]Google OAuth access token expiration in MVC app?
I wrote an MVC app using Google Oauth2 as instructed here: https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth#web_applications 我按照此处的说明使用Google Oauth2编写了一个MVC应用程序: https : //developers.google.com/api-client-library/dotnet/guide/aaa_oauth#web_applications
I have an issue with access token expiration. 我有访问令牌到期的问题。 When access token expires, I get the exception when calling Google API: "The access token has expired but we can't refresh it"
当访问令牌过期时,我在调用Google API时遇到异常: “访问令牌已过期,但我们无法刷新它”
The initial authentication is two iterations mechanism: 初始身份验证是两种迭代机制:
first iteration AuthorizeAsync returns result with empty Credential, and populated RedirectUri: 第一次迭代AuthorizeAsync返回结果为空Credential,并填充RedirectUri:
So, the authorization url created is this: 因此,创建的授权URL是:
https://accounts.google.com/o/oauth2/auth?access_type=offline&response_type=code&client_id=MYCLIENTID&redirect_uri=http:%2F%2Flocalhost%2FHomepage%2FAuthCallback%2FIndexAsync&scope=https:%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar https:%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.readonly&state=http:%2F%2Flocalhost%2FHomepage%2F95419199
Note that access_type=offline is present. 请注意,access_type = offline存在。 So I should get the refresh token back as well (doesn't happen).
所以我也应该恢复刷新令牌(不会发生)。
second iteration - AuthorizeAsync returns result with populated Credential and empty RedirectUri: 第二次迭代 - AuthorizeAsync返回带有填充的凭据且空RedirectUri的结果:
Question1 - is RefreshToken supposed to be null at this moment? 问题1 - 此时RefreshToken是否应该为空?
The result is remembered, since it's defined as static. 记住结果,因为它被定义为静态的。
Next request that comes in - the Calendar action that requires result.Credential to call Google Calendar API: 下一个请求 - 需要result.Credential调用Google Calendar API的日历操作:
Question2 - if access token expires by that moment (for testing I just set ExpiresInSeconds = 0), I call RefreshTokenAsync method, but it always returns false ! 问题2 - 如果访问令牌在那一刻到期(为了测试我只是设置ExpiresInSeconds = 0),我调用RefreshTokenAsync方法,但它总是返回false ! Why?
为什么? What am I missing here?
我在这里错过了什么?
And what would be the right way to handle when RefreshTokenAsync returns false? 当RefreshTokenAsync返回false时,处理什么是正确的方法? Current RedirectResult(result.RedirectUri) command will fail since result.RedirectUri is null.
当前RedirectResult(result.RedirectUri)命令将失败,因为result.RedirectUri为null。
Oh, I finally got it :) For those who interested - refresh token is only issued once, when you get that Consent screen, where you have to click Yes. 哦,我终于明白了:)对于那些感兴趣的人 - 刷新令牌只发出一次,当你得到Consent屏幕时,你必须点击是。
So, in order to get refresh token, go to your account setting, Account Permissions: https://security.google.com/settings/security/permissions 因此,要获取刷新令牌,请转到您的帐户设置,帐户权限: https : //security.google.com/settings/security/permissions
and revoke access for the project you configured in Google Developers Console: https://console.developers.google.com/project 并取消对您在Google Developers Console中配置的项目的访问权限: https : //console.developers.google.com/project
Now, put a breakpoint on the next line after you call AuthorizeAsync, restart your application in Debug mode, get that consent screen asking for permissions, click Accept. 现在,在调用AuthorizeAsync后,在下一行放置断点,在调试模式下重新启动应用程序,获取同意屏幕询问权限,单击“接受”。
The app will return to VS and will stop on your break point. 该应用程序将返回VS并将在您的断点处停止。
Now, record somewhere the result.Credential.Token.RefreshToken value, it's an encrypted string. 现在,在某处记录结果.Credential.Token.RefreshToken值,它是一个加密的字符串。
I placed my in web.config appsetting for simplicity. 为了简单起见,我将我放在web.config appsetting中。
Now, I just assign that value back to result.Credential.Token.RefreshToken = refreshToken; 现在,我只是将该值赋给result.Credential.Token.RefreshToken = refreshToken;
and every time, when access token expires, it will automatically refresh it. 每次访问令牌到期时,它都会自动刷新它。
Like here when I call GmailService request.Execute(...) passing the credential object that contains the token, the token will be refreshed. 就像这里当我调用GmailService request.Execute(...)传递包含令牌的凭证对象时,令牌将被刷新。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.