通过网络(javascript)在Google上进行身份验证,在服务器(.NET)上进行消费
[英]Authenticate with Google on the web (javascript), consume on the server (.NET)
问题描述
We have a web server using Google Sign-In to authenticater and authorize for API access (Classroom). 
我们有一个使用Google登录功能进行身份验证和授权进行API访问的网络服务器(教室)。 We need the sign-in part, so we're using init() and signIn() . 我们需要登录部分,因此我们使用init()和signIn() 。 We cannot use authorise() . 我们不能使用authorise() 。 Also, we're not signin in with particular scopes, as we just need identify for normal usage. 另外,我们不使用特定范围登录,因为我们只需要标识正常使用情况即可。
The logged-in user can enable a feature that requires offline access on behalf of his/her account to the Google Classrom API. 登录的用户可以启用一项功能,该功能需要代表他/她的帐户脱机访问Google Classrom API。 We call grantOfflineAccess() with two scopes related to Classroom to get an authentication code, which is stored for later. 我们使用与Classroom有关的两个范围调用grantOfflineAccess()来获取身份验证代码,该代码将存储以供以后使用。
On the server side, we have a gRPC service that doesn't expose any web front-end. 在服务器端,我们有一个gRPC服务,它不公开任何Web前端。 We're using C#/.NET with the Google API Client libraries . 我们正在将C#/。NET与Google API客户端库配合使用 。
I implemented an IDataStore that can respond to TokenResponse requests by either calling AuthorizationCodeFlow.ExchangeCodeForTokenAsync with the above code, or return the last TokenResponse stored in the database. 我实现了一个IDataStore ,它可以通过使用上述代码调用AuthorizationCodeFlow.ExchangeCodeForTokenAsync来响应TokenResponse请求,或者返回存储在数据库中的最后一个TokenResponse 。 When (well, "if") IDataStore.StoreAsync is called with a new version (normally after a token refresh was required), it saves it again in the database. 当使用新版本(通常在需要刷新令牌之后)调用(如果是)时,通常将IDataStore.StoreAsync保存在数据库中。
My problem is that ExchangeCodeForTokenAsync returns me a TokenResponse without a refresh_token . 我的问题是ExchangeCodeForTokenAsync返回我TokenResponse没有refresh_token 。 This means the access_token is only valid for 60 minutes. 这意味着access_token仅在60分钟内有效。 I would need to intercept exceptions at the service call level to call ExchangeCodeForTokenAsync again (if that works!), instead of relying on the Google API Client Library handling refreshing automatically all nicely. 我需要在服务调用级别拦截异常,以再次调用ExchangeCodeForTokenAsync (如果可行!),而不是依靠Google API客户端库来自动处理所有刷新。
What could be preventing ExchangeCodeForTokenAsync from returning me a refresh_token ? 是什么可以阻止ExchangeCodeForTokenAsync向我返回refresh_token ?
Thanks. 谢谢。
1 个解决方案
解决方案1
0 2017-10-17 18:25:15
Well, I found the answer in this other question . 好吧,我在另一个问题中找到了答案。
The refresh_token is only provided on the first authorization from the user.
I simply removed my app from my Google account's authorized apps, and my next ExchangeCodeForTokenAsync call returned me a refresh_token . 我只是从我的Google帐户的授权应用程序中删除了我的应用程序,而我的下一个ExchangeCodeForTokenAsync调用向我返回了refresh_token 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.