如何无限期使用一个访问令牌/刷新令牌(oauth2-Spotify API)
[英]How to get one access token/refresh token for indefinite use (oauth2 - Spotify API)
问题描述
I'm developing an application that will only use one Spotify account ever, and I don't quite understand the refresh token (using oauth2). 
我正在开发一个仅会使用一个Spotify帐户的应用程序,而且我不太了解刷新令牌(使用oauth2)。 Ideally, I'd like to just use the Spotify API console to receive an access token and refresh token once that I can use forever and not have to worry about authorization again while the application is running. 理想情况下,我只想使用Spotify API控制台来接收访问令牌并刷新令牌,以便我可以永久使用它,而不必在应用程序运行时再次担心授权。 If I have a refresh token, can I just use that refresh token forever or do I need to constantly get a new token with that refresh token whenever I want to access the API? 如果我有刷新令牌,是否可以永久使用该刷新令牌,或者每当我想访问API时都需要不断获取带有该刷新令牌的新令牌吗?
1 个解决方案
解决方案1
2 已采纳 2018-02-18 19:40:53
TLDR: You don't need to refresh access keys for every call, but you do have to refresh the access key if it expires. TLDR:您不需要为每个呼叫刷新访问密钥,但是如果访问密钥到期,则必须刷新。
Refresh tokens are part of the OAuth2 flow. 刷新令牌是OAuth2流的一部分。 Access keys are short lived and expire, while refresh tokens are long lived. 访问密钥的寿命很短并且会过期,而刷新令牌的寿命很长。 You can use the refresh token with your client secret to get new access tokens when your access token expires. 您可以在客户端密钥中使用刷新令牌,以在访问令牌过期时获取新的访问令牌。 This is a security measure. 这是一种安全措施。 In the event your access token is leaked, it is only short lived without the refresh token and client secret. 如果您的访问令牌泄漏,则只有短暂的时间,而没有刷新令牌和客户端机密。 In the event your refresh token is leaked, you can have that blacklisted. 万一您的刷新令牌泄漏了,您可以将其列入黑名单。
There are some exceptions if you're not accessing private data. 如果您不访问私有数据,则有一些例外。 The Spotify authorization guide has a Client Credentials flow that does not require refreshes but is also limited in what type of data it can access. Spotify授权指南的客户端凭据流不需要刷新,但可以访问的数据类型也受到限制。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.