Auth0锁定-Google oauth2无法获取refresh_token
[英]Auth0 Lock - Google oauth2 unable to get refresh_token
问题描述
I'm using Auth0 Lock with the google-oauth2 connection and I need to get a refresh_token because I need to make API calls from the server-side when the user is offline. 
我正在使用Auth0 Lock和google-oauth2连接,并且需要获取refresh_token因为当用户离线时,我需要从服务器端进行API调用。
I'm following their guide but it's not working, refreshToken is always undefined . 我正在遵循他们的指南,但无法正常工作, refreshToken始终是undefined 。
Using http://cdn.auth0.com/js/lock/10.7.2/lock.min.js 使用http://cdn.auth0.com/js/lock/10.7.2/lock.min.js
this.lock = new Auth0Lock('...', 'xxx.eu.auth0.com', {
initialScreen:'login',
allowedConnections: ['google-oauth2'],
allowSignUp: false,
auth: {
redirect: false,
responseType: "token",
params: {
'access_type': 'offline',
'approval_prompt': 'force',
},
},
autoclose: true
});
Tried also with params 'approval_prompt': 'force' or 'prompt': 'select_account consent' 还尝试了以下params 'approval_prompt': 'force'或'prompt': 'select_account consent'
Instructions here: https://github.com/auth0/rules/blob/master/rules/google-refresh-token.md 此处的说明: https : //github.com/auth0/rules/blob/master/rules/google-refresh-token.md
1 个解决方案
解决方案1
2 已采纳 2016-12-14 04:09:37
That rule is wrong. 那条规则是错误的。 IdP access_tokens are available through the management API. 可通过管理API使用IdP access_tokens 。 See this endpoint: https://auth0.com/docs/api/management/v2#!/Users/get_users_by_id 查看此端点: https : //auth0.com/docs/api/management/v2#!/ Users/ get_users_by_id
A special scope is required ( read:user_idp_tokens ). 需要一个特殊的范围( read:user_idp_tokens )。
This is because IdP tokens are sensitive artifacts, so Auth0 puts an extra layer of security to obtain them. 这是因为IdP令牌是敏感工件,因此Auth0为获得它们提供了额外的安全性。
You can of course call the API from a rule, but we'd likely advise against it and instead have your backend act on behalf of your (front-end) app.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.