[英]Authorization Code Grant: how can I get an access token when the user is not present?
I would like to ask the user to authorize my application only once and then be able to use his credentials to make DocuSign API call even when he is not connected to perform automatic operations.我想要求用户只授权我的应用程序一次,然后即使他没有连接执行自动操作,也可以使用他的凭据进行 DocuSign API 调用。
I am currently using Authorization Code Grant but how can i do to never ask the user to authorize my application again ?我目前正在使用授权代码授予,但我该怎么做才能不再要求用户对我的应用程序进行授权?
An excellent question.一个很好的问题。 Here's an answer:这是一个答案:
extended
in addition to scope signature
与用户一起使用授权代码时,除了范围signature
外,还包括范围extended
Result: Your app will always be able to use either its current access token for the user to do operations on behalf of the user, or will be able to get a new access token for use.结果:您的应用将始终能够使用其当前的访问令牌来代表用户执行操作,或者将能够获取新的访问令牌以供使用。
Caveat: Your app will need to use the refresh operation at least once every 30 days otherwise the refresh token will expire.警告:您的应用程序需要至少每 30 天使用一次刷新操作,否则刷新令牌将过期。 In that case, the user will need to re-authenticate via your app and the Authorization Code Grant flow.在这种情况下,用户将需要通过您的应用程序和授权代码授予流程重新进行身份验证。
Corner cases: Since the user can withdraw consent at any time, your app should gracefully handled that case.极端情况:由于用户可以随时撤回同意,因此您的应用应该优雅地处理这种情况。
Note Since the refresh token lasts 30 days, you'll want to store it in durable storage (eg a DBMS), not just in memory.注意由于刷新令牌持续 30 天,您需要将它存储在持久存储(例如 DBMS)中,而不仅仅是在内存中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.