
Oauth2 refresh tokens

Right now, my company runs a Java app that uses IMAP and SMTP to read/send e-mails without user interaction. The authentication protocol we use is Basic Authentication. Microsoft has announced End-of-support for Basic authentication, which will be replaced by Oauth2. Unfortunately, they did not provide a clear solution for applications without user interaction.

https://docs.microsoft.com/en-gb/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

One of my ideas is to have users authenticate themselves (using Oauth2 authorization code flow) just once, the first time they start the service. Then, refresh tokens will be used to get access tokens without user interaction. It is very important that the connection is not broken because of short expiration dates or revocations. There will probably be nobody around to re-authenticate if the app is unable to get new access tokens.

I cannot seem to find any information about expiry dates for these tokens (if it is possible to set it). The ideal would be that they never expire...

Does anyone know more about this? It would help me a lot to know whether my idea is a viable approach.

Access tokens can be automatically refreshed. But to be more provider specific, I did find some info on refresh token expiry here:

https://docs.microsoft.com/en-us/linkedin/shared/authentication/programmatic-refresh-tokens

According to this link, LinkedIn tokens (access and refresh) expire after a max of 365 days.

Also, if you see this link, it says that the refresh token expires in 90 days if inactive, but doesn't say anywhere that it will expire if active.

https://docs.microsoft.com/en-us/office365/enterprise/session-timeouts

Can you provide a reference to the API that you are trying to use so that I find some more info on it (maybe)?
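
The refresh-token approach discussed above, as an added example that is not part of the original posts: a token keeper for an unattended service that refreshes the access token shortly before it expires, keeps a rotated refresh token when the server returns one, and treats `invalid_grant` as the signal that a person must sign in again. The class name, the `tokenEndpoint` function and the fake endpoint in `main` are assumptions constructed for illustration; a real service would POST the same form fields, plus its client credentials, to the provider's token endpoint.

```java
import java.time.Instant;
import java.util.Map;
import java.util.function.Function;

public class RefreshTokenKeeper {
    /** Raised when the refresh token is rejected; retrying cannot fix this. */
    public static class ReauthRequired extends RuntimeException {
        ReauthRequired(String msg) { super(msg); }
    }

    // Hypothetical transport: form fields in, parsed JSON fields out.
    private final Function<Map<String, String>, Map<String, String>> tokenEndpoint;
    private String refreshToken;              // store encrypted at rest in a real service
    private String accessToken;
    private Instant expiresAt = Instant.EPOCH;

    public RefreshTokenKeeper(Function<Map<String, String>, Map<String, String>> endpoint,
                              String initialRefreshToken) {
        this.tokenEndpoint = endpoint;
        this.refreshToken = initialRefreshToken;
    }

    public synchronized String accessToken(Instant now) {
        // Reuse the cached token until 5 minutes before it expires.
        if (now.isBefore(expiresAt.minusSeconds(300))) return accessToken;
        Map<String, String> resp = tokenEndpoint.apply(
            Map.of("grant_type", "refresh_token", "refresh_token", refreshToken));
        if ("invalid_grant".equals(resp.get("error")))
            throw new ReauthRequired("refresh token expired or revoked");
        if (resp.containsKey("error"))
            throw new IllegalStateException("token endpoint error: " + resp.get("error"));
        accessToken = resp.get("access_token");
        expiresAt = now.plusSeconds(Long.parseLong(resp.get("expires_in")));
        // The server may rotate the refresh token; always keep the newest one.
        refreshToken = resp.getOrDefault("refresh_token", refreshToken);
        return accessToken;
    }

    public static void main(String[] args) {
        int[] calls = {0};  // constructed fake endpoint: rotates twice, then rejects
        RefreshTokenKeeper k = new RefreshTokenKeeper(req -> {
            if (++calls[0] > 2) return Map.of("error", "invalid_grant");
            return Map.of("access_token", "at-" + calls[0], "expires_in", "3600",
                          "refresh_token", "rt-" + calls[0]);
        }, "rt-0");
        Instant t = Instant.parse("2024-01-01T00:00:00Z");
        System.out.println(k.accessToken(t));                   // first call refreshes
        System.out.println(k.accessToken(t.plusSeconds(60)));   // served from cache
        System.out.println(k.accessToken(t.plusSeconds(3500))); // near expiry, refreshes
        try { k.accessToken(t.plusSeconds(7200)); }
        catch (ReauthRequired e) { System.out.println("alert operator: " + e.getMessage()); }
    }
}
```

Calling `accessToken` on a schedule, even when no mail is pending, keeps the refresh token in use, and the `ReauthRequired` path is where an unattended service should raise an alert instead of retrying.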
