
PHP oauth2 how to use refresh_token

I'm a bit puzzled about how to use auth_token and refresh_token correctly in PHP.

I have registered a new client app with the oauth-provider. After that my app sends the client-id and secret to the oauth2-authorization-endpoint, which returns the following:

Array
(
    [result] => Array
        (
            [access_token] => qjdcshsmgwcuvi7hzpgxwqapfb8aoab60fmprk1g
            [expires_in] => 86400
            [token_type] => Bearer
            [scope] => basic
            [refresh_token] => whnutk9npmaikcn1bxbovleuqn9ggn9j00jgyiph
        )

    [code] => 200
    [content_type] => application/json
) 

Great, I can now query the API by using the access_token. BUT the access_token will expire in 24h and the whole dance will start again.

Questions:

  • Where do I store the access_token so that the whole process does not run on every request? (A session will not be persistent; in a conf file, memcache, a DB?)
  • How to deal with the refresh token: should I save a timestamp in the session and check if a new access_token has to be requested?

If you only use those tokens when your user is online (as in signed in to your application), then I would store them in a session variable. If you'll also use the tokens when the user is not online, it would be recommended to store them in a database. In the first case, you'll receive a refresh token every time the user signs in. In the second case, you'll receive a refresh token only once (i.e. when the user links their 3rd party account to your application).

To answer your second question, it would be advisable to store the expiry timestamp with the access_token.
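Putting the answer's two points together (database storage for offline use, an absolute expiry timestamp stored next to the token), here is an added PHP example; it is not code from the question or the answer, and it assumes a SQLite table named oauth_tokens, a token endpoint at https://provider.example/oauth/token, and that the provider implements the standard refresh_token grant (RFC 6749 section 6). The refresher is injected as a callable so the decision logic can be run locally without a network.

```php
<?php
declare(strict_types=1);

// Added example, not the original poster's or answerer's code.
// Assumptions: tokens live in a SQLite table oauth_tokens (any PDO driver works),
// the provider's token endpoint is https://provider.example/oauth/token, and it
// implements the standard refresh_token grant (RFC 6749 section 6).

final class TokenStore
{
    public function __construct(private PDO $db)
    {
        $db->exec('CREATE TABLE IF NOT EXISTS oauth_tokens (
            user_id       TEXT PRIMARY KEY,
            access_token  TEXT NOT NULL,
            refresh_token TEXT NOT NULL,
            expires_at    INTEGER NOT NULL)');
    }

    // Store the absolute expiry (now + expires_in) next to the token so a later
    // request can decide whether to refresh without re-running the whole flow.
    public function save(string $userId, array $tok, int $now): void
    {
        $stmt = $this->db->prepare(
            'REPLACE INTO oauth_tokens (user_id, access_token, refresh_token, expires_at)
             VALUES (?, ?, ?, ?)');
        $stmt->execute([$userId, $tok['access_token'], $tok['refresh_token'],
                        $now + (int) $tok['expires_in']]);
    }

    public function load(string $userId): ?array
    {
        $stmt = $this->db->prepare('SELECT * FROM oauth_tokens WHERE user_id = ?');
        $stmt->execute([$userId]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }
}

// The refresh grant: POST grant_type=refresh_token to the token endpoint,
// authenticating the client with HTTP Basic (client_id:client_secret).
function refreshAccessToken(string $endpoint, string $clientId, string $clientSecret,
                            string $refreshToken): array
{
    $ch = curl_init($endpoint);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_USERPWD        => $clientId . ':' . $clientSecret,
        CURLOPT_POSTFIELDS     => http_build_query([
            'grant_type'    => 'refresh_token',
            'refresh_token' => $refreshToken,
        ]),
    ]);
    $body = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    if ($body === false || $code !== 200) {
        throw new RuntimeException("token refresh failed (HTTP $code)");
    }
    return json_decode($body, true, 512, JSON_THROW_ON_ERROR);
}

// Return a usable access token, refreshing if it expires within $margin seconds
// (covers clock skew and the time the API request itself takes). $refresh is
// injected so this can be exercised offline; in production pass refreshAccessToken.
function getValidAccessToken(TokenStore $store, string $userId, callable $refresh,
                             int $now, int $margin = 60): string
{
    $row = $store->load($userId);
    if ($row === null) {
        throw new RuntimeException('user has not linked an account; run the auth flow');
    }
    if ((int) $row['expires_at'] - $margin > $now) {
        return $row['access_token'];
    }
    $new = $refresh($row['refresh_token']);
    // Providers may rotate the refresh token; keep the old one only if none came back.
    $new['refresh_token'] ??= $row['refresh_token'];
    $store->save($userId, $new, $now);
    return $new['access_token'];
}

// Demo with an in-memory database and a stand-in refresher (constructed data, no network).
$store = new TokenStore(new PDO('sqlite::memory:'));
$t0 = 1_700_000_000;
$store->save('alice', ['access_token' => 'old-access', 'expires_in' => 86400,
                       'refresh_token' => 'refresh-1'], $t0);
$fakeRefresh = fn(string $rt) => ['access_token' => 'new-access', 'expires_in' => 86400];

echo getValidAccessToken($store, 'alice', $fakeRefresh, $t0 + 3600), "\n";
echo getValidAccessToken($store, 'alice', $fakeRefresh, $t0 + 86400), "\n";
```

The first call falls inside the 24h window and returns the stored token; the second is at the expiry boundary, so the refresher is called and the new token (with its new expiry) is written back. Two practical cautions: the refresh token is a long-lived credential, so restrict access to that table (or encrypt the column) and never log it; and if several requests for the same user can run concurrently, wrap the refresh in a per-user lock or transaction, since a provider that rotates refresh tokens will reject the second, stale refresh.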
