[英]Google Oauth not getting refresh token
I am trying get refresh token. 我正在尝试获取刷新令牌。 I read about it in google documents. 我在谷歌文档中读到了它。 Now, I am using accesstype offline and also approval_prompt: "force" But I am not getting refresh token in response. 现在,我正在使用脱机的accessstype以及approval_prompt:“force”但是我没有得到刷新令牌作为响应。 I not getting what I am doing wrong. 我得不到我做错了什么。
I have following html code: 我有以下HTML代码:
<input type="submit" class="btn btn-info" value="Google" onclick="authorizeWithGoogle()" />
Javascript code: Javascript代码:
var cid = 'XXXXX';
var apik = 'XXXXX';
var scopes = 'https://www.google.com/m8/feeds';
function authorizeWithGoogle() {
gapi.client.setApiKey(apik);
gapi.auth.authorize({ client_id: cid, scope: scopes, accesstype: "offline" ,approval_prompt: "force"}, handleAuthResult);
}
function handleAuthResult(authResult) {
delete authResult['g-oauth-window'];
if (authResult && !authResult.error) {
console.log(JSON.stringify(authResult));
}
}
Can you please help me. 你能帮我么。
You don't want to be requesting refresh tokens as that negates the security of OAuth. 您不希望请求刷新令牌,因为这会否定OAuth的安全性。 Refresh tokens should only ever be requested/stored on a server. 只应在服务器上请求/存储刷新令牌。 You might want to take a step back and review your understanding of OAuth before continuing. 在继续之前,您可能需要退一步并检查您对OAuth的理解。 Trying to implement OAuth without understanding it is a pita. 试图在不了解它的情况下实施OAuth是一个皮塔饼。
For a browser client, you should simply keep calling gapi.auth.authorize whenever you need a new access token (eg. approx every hour). 对于浏览器客户端,只要您需要新的访问令牌(例如大约每小时),就应该继续调用gapi.auth.authorize。 After the first call, you can set immediate=true
which will suppress any UI. 第一次调用后,您可以设置immediate=true
,这将禁止任何UI。
First, you made a typo, it's missing the underline: it's access_type
, not accesstype
. 首先,你做了一个拼写错误,它缺少下划线:它是access_type
,而不是accesstype
。
Then, additionally to pass access_type
and approval_prompt
, you need to make sure your test user removed the grants for your app. 然后,除了传递access_type
和approval_prompt
,还需要确保测试用户删除了应用的授权。 Login in Google with your test account (not your app account) and go to Account Permissions and remove your app from the list. 使用您的测试帐户(而非您的应用帐户)登录Google,然后转到帐户权限并从列表中删除您的应用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.