使用服务帐户与 OAuth 访问 Google API 时的限制
[英]Limits when accessing Google APIs using Service Account vs OAuth
问题描述
My current application access one of the Google APIs using "3-legs" OAuth 2.0.
我当前的应用程序使用“3-legs”OAuth 2.0 访问 Google API 之一。 User authorizes the app on Google consent screen, then the app requests API on behalf of the user and shows him some fancy data loaded from API.用户在 Google 同意屏幕上授权应用程序,然后应用程序代表用户请求 API 并向他显示从 API 加载的一些精美数据。 Everyday my application loads and transforms data from this API, so when the user comes next time, he sees the most relevant and actual data.每天我的应用程序都会从这个 API 加载和转换数据,因此当用户下次来时,他会看到最相关和最实际的数据。
Everything works fine on the start, but as time goes, I faced two problems: 1. Query limits.一开始一切正常,但随着时间的推移,我遇到了两个问题:1.查询限制。 2. Token lifetime. 2. 代币寿命。
My question is dedicated to the second one, that I refer as "token lifetime".我的问题专门针对第二个问题,我称之为“令牌生命周期”。 After some amount of time, the access token expires, and when user comes back to the app, our app obliged to send him to consent screen again.一段时间后,访问令牌过期,当用户返回应用程序时,我们的应用程序必须再次将他发送到同意屏幕。 Moreover, all the time while access token has been in expired state, my app cannot load relevant data for user.此外,当访问令牌一直在过期的 state 中时,我的应用程序无法为用户加载相关数据。
How can I solve this problem?我怎么解决这个问题? How to continue lifetime of access/refresh tokens?如何继续访问/刷新令牌的生命周期? Would Service account help?服务帐户有帮助吗? Would Service account work for Google Search Console API for every user, or should the user be a G Suite user inside my domain or what?服务帐户是否适用于每个用户的 Google Search Console API,或者该用户应该是我域内的 G Suite 用户还是什么? These questions are completely unclear from the official documentation here and from the Search Console API documentation .这些问题在此处的官方文档和Search Console API 文档中完全不清楚。
If you have past experience with Google's APIs, please help me!如果您有过使用 Google API 的经验,请帮助我! Thank you谢谢
1 个解决方案
解决方案1
1 已采纳 2020-05-28 00:59:44
When you use OAuth with user-consent, you do not need to prompt the user for consent repeatedly.当您在用户同意的情况下使用 OAuth 时,您不需要反复提示用户同意。
[a] If your usecase is entirely online and you want to be able to request a token each time the user visits your app, use the Google Sign In library or see this documentation for client-side apps . [a] 如果您的用例完全在线,并且您希望能够在用户每次访问您的应用程序时请求令牌,请使用Google 登录库或查看客户端应用程序的此文档。
[b] If your usecase is that you want to be able to obtain access tokens even when the user is not present, then you need to request an authorization code and store your refresh token. [b] 如果您的用例是即使用户不存在也希望能够获取访问令牌,那么您需要请求授权码并存储您的刷新令牌。 Your refresh tokens are longer-lived tokens and can be exchanged periodically for access tokens .您的刷新令牌是寿命更长的令牌,可以定期交换访问令牌。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.