[英]PHP oauth2 how to use refresh_token
I´ma bit puzzled how to use auth_ and refresh_token correctly in php. 我有点困惑如何在php中正确使用auth_和refresh_token。
I have registered a new client app with the oauth-provider. 我已经在oauth-provider中注册了一个新的客户端应用程序。 After that my app sends the client-id and secret to the oauth2-authorization-endpoint which returns following: 之后,我的应用程序将客户端ID和密码发送到oauth2-authorization-endpoint,该端点返回以下内容:
Array
(
[result] => Array
(
[access_token] => qjdcshsmgwcuvi7hzpgxwqapfb8aoab60fmprk1g
[expires_in] => 86400
[token_type] => Bearer
[scope] => basic
[refresh_token] => whnutk9npmaikcn1bxbovleuqn9ggn9j00jgyiph
)
[code] => 200
[content_type] => application/json
)
Great, I can now query the API by use of access_token. 太好了,我现在可以使用access_token查询API。 BUT the access_token will expire in 24h and the whole dance will start again. 但是access_token将在24小时后失效,并且整个舞蹈将再次开始。
Questions: 问题:
If you only use those tokens when your user is online (as in signed in to your application), then I would store it in a session variable. 如果您仅在用户在线时使用这些令牌(如登录到您的应用程序中),那么我会将其存储在会话变量中。 If you'll also use the tokens when the user is not online, it would be recommended to store them in a database. 如果您还可以在用户不在线时使用令牌,则建议将其存储在数据库中。 In the first case, you'll receive a refresh token every time the user signs in. In the second case, you'll receive a refresh token only once (ie when the user links their 3rd party account to your application). 在第一种情况下,每次用户登录时都会收到刷新令牌。在第二种情况下,您将只收到一次刷新令牌(即,当用户将其第三方帐户链接到您的应用程序时)。
To answer your second question, it would be advisable to store the expiry timestamp with the access_token. 要回答第二个问题,建议将过期时间戳记与access_token一起存储。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.