[英]oauth2-server-php not returning refresh token
Using this oauth2 library for PHP , I am validating a user via client_credentials like this: 使用这个用于PHP的oauth2库 ,我通过如下的client_credentials验证用户:
server.php server.php
$server = new OAuth2\Server($storage, [
'access_lifetime' => 3600, // 1 hour
'refresh_token_lifetime' => 50400, // 14 days
]);
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($server->getStorage('client_credentials'), ['always_issue_new_refresh_token' => true])));
Then in my endpoint (token.php): 然后在我的端点(token.php)中:
require_once __DIR__.'/server.php';
$request = OAuth2\Request::createFromGlobals();
$server->handleTokenRequest($request)->send(); //returns the token object
Although a new access_token is returned, no refresh_token is returned: 尽管返回了新的access_token,但没有返回refresh_token:
{"access_token":"501a3d087db7532d4e4350402f9a5da332d71dfc","expires_in":3600,"token_type":"Bearer","scope":null}
How do you get the refresh_token? 您如何获得refresh_token?
You must specify accessType: 'offline'
in the OAuth2 options to receive a refresh token. 您必须在OAuth2选项中指定accessType: 'offline'
才能接收刷新令牌。 If the former does not work try access_type: 'offline'
. 如果前者不起作用,请尝试access_type: 'offline'
。
This is a normal behaviour. 这是正常现象。 With the Client Credentials grant type the refresh tokens are useless because the client can get a new access token by asking a new one when he wants. 使用“客户端凭据”授予类型,刷新令牌是无用的,因为客户端可以通过在需要时询问新的访问令牌来获取新的访问令牌。
Moreover I found a closed issue where the author of the library you use clearly explains that there is no bug here. 此外,我发现一个封闭的问题 ,您使用的库的作者清楚地说明这里没有错误。
As mentioned in this answer, you will find in the RFC6749 section 4.4.3 that the refresh token SHOULD NOT be included
. 如该答案所述,您将在RFC6749第4.4.3节中发现refresh token SHOULD NOT be included
。
You can also read this question and the accepted answer . 您还可以阅读此问题和已接受的答案 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.