堆栈内存溢出
  简体   繁体   English

如何从登录Google登录(仅限客户端的应用程序)中正确获取访问令牌?

[英]How to properly get Access Token from logged in Google Sign In (client-side only app)?

 原文  2019-06-03 10:46:27       javascript/ google-api/ google-oauth2/ google-javascript-api

问题描述

I am using Google Sign-In button to let user logging in with their Google Account: 我正在使用Google登录按钮让用户使用其Google帐户登录: 

    gapi.signin2.render("container-btn-google-login", {
        scope: "email profile",
        onsuccess: (user) => {
            let token = user.getAuthResponse();
            setToken(token);

            // How can I get the Access Token here
            // that should be the same as user.Zi.access_token?

            resolve(token);
        },
    });

I am going to call other Google APIs and do not want to use their Javascript library (I am going to use fetch to call their REST APIs). 我打算调用其他Google API,不想使用他们的Javascript库(我将使用fetch来调用他们的REST API)。

However, when I put Authorization: token.id_token as Header, the request is rejected. 但是,当我将Authorization: token.id_token作为Header时,请求被拒绝。 If I manually put a value that I can see from the Console ( user.Zi.access_token ), it works. 如果我手动设置我可以从控制台( user.Zi.access_token )看到的值,它就可以工作。

How can I extract the access_token from Google API Javascript SDK? 如何从Google API Javascript SDK中提取access_token Using something cryptic and undocumented like Zi does not seem safe to me. 使用像Zi这样神秘而无证的东西对我来说似乎并不安全。

1 个解决方案

解决方案1
 0  2019-06-03 16:47:34

Okay, I have found the relevant documentation here. 好的,我在这里找到了相关文档 We can use user.getAuthResponse(true) to get the Auth Response with the access token and possibly other useful information: 我们可以使用user.getAuthResponse(true)来获取带有访问令牌的Auth响应以及可能的其他有用信息:

The parameter is includeAuthorizationData : 参数是includeAuthorizationData

Optional: A boolean that specifies whether to always return an access token and scopes. 可选:一个布尔值,指定是否始终返回访问令牌和范围。 By default, the access token and requested scopes are not returned when fetch_basic_profile is true (the default value) and no additional scopes are requested. 默认情况下,当fetch_basic_profile为true(默认值)且未请求其他范围时,不会返回访问令牌和请求的范围。

Example working code from my question: 我的问题中的工作代码示例: 

let token = user.getAuthResponse(true);
console.log(token.access_token)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何仅使用客户端JavaScript正确签署对Amazon的ItemLookup的GET请求? - How to properly sign a GET request to Amazon's ItemLookup using client-side JavaScript only? 如何刷新客户端的Google API访问令牌? - How to refresh a client-side Google api access token? 如何在纯客户端应用程序中从Google OAuth 2.0 API刷新access_token? - How to refresh access_token from Google OAuth 2.0 API in a pure client-side application? 如何将客户端 firebase 云消息传递令牌获取到谷歌云 function? - How do you get client-side firebase cloud messaging token into google cloud function? 如何构建无安装,仅客户端的数据库Web应用程序 - How to build a no install, client-side only, database web app 如何从客户端访问Facebook公共数据而不损害应用程序机密 - How to access Facebook public data from client-side without compromising app secret 如何从客户端 Javascript 文件中访问 Express app.locals 变量? - How can I access an Express app.locals variable from within a client-side Javascript file? 如何从 Google Sign-In Javascript SDK 获取访问令牌? - How to get the access token from Google Sign-In Javascript SDK? 如何访问我从客户端(NodeJs)发布的数据 - How to access the data I post from client-side (NodeJs) 使用现有访问令牌通过Google的gapi库进行的授权客户端JS API调用? - Authorized client-side JS API calls with Google's gapi library with an existing access token?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM