堆栈内存溢出
  简体   繁体   English

Oauth2.0如何使用refresh token?

[英]How to use refresh token in Oauth2.0?

 原文  2022-12-23 14:07:13       javascript/ oauth-2.0/ authorization

问题描述

I understood that Refresh Token is used to get another access token after it expires.我了解到 Refresh Token 用于在其过期后获取另一个访问令牌。 But, I am confused about how to use it.So, here is what my code looks like(I am building a app with Twitter API and the app uses Oauth2.0 authorization):但是,我对如何使用它感到困惑。所以,这是我的代码的样子(我正在使用 Twitter API 构建一个应用程序,该应用程序使用 Oauth2.0 授权):

  1. User sends request to my API server with access token and refresh token(stored in cookies)用户使用访问令牌和刷新令牌(存储在 cookie 中)向我的 API 服务器发送请求

  2. In my server, when I make request to the Twitter API, first I request with access token--if the request is unauthorized(due to expired access_token) I use refresh token to get another access token and use that to make request.在我的服务器中,当我向 Twitter API 发出请求时,首先我使用访问令牌请求——如果请求未经授权(由于 access_token 过期),我使用刷新令牌获取另一个访问令牌并使用它来发出请求。

This 2) codeblock for everytime I make a API request to the Twitter API is infuriating me.每次我向 Twitter API 发出 API 请求时,这个 2) 代码块都让我很生气。 What is the better way to write.怎么写比较好。 Am I doing something wrong.难道我做错了什么。

1 个解决方案

解决方案1
 0  2022-12-24 20:47:23

You haven't included your code, so it's impossible to tell what might be incorrect about it.您还没有包含您的代码,因此无法判断它可能有什么不正确之处。 However, the process for using a refresh token is pretty straightforward.但是,使用刷新令牌的过程非常简单。 See here (under Refresh tokens near the top) and here (at step 5) in the docs.请参阅文档中的此处(位于顶部附近的刷新标记下)和此处(第 5 步)。

Essentially, you will make a POST call to https://api.twitter.com/2/oauth2/token with a URL-encoded body.本质上,您将使用 URL 编码的正文对https://api.twitter.com/2/oauth2/token进行 POST 调用。 You will include the refresh token and a grant type of refresh_token in that body.您将在该正文中包含刷新令牌和授权类型的refresh_token Depending on whether your app is a confidential client or not, you'll include the client ID in the body or in the header with a client secret.根据您的应用程序是否为机密客户端,您将在正文或带有客户端机密的标头中包含客户端 ID。

Whatever code you are using for the access token should be easily reusable with a few tweaks.无论您为访问令牌使用什么代码,都应该可以通过一些调整轻松重用。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在oauth2.0进程中实现基于令牌的身份验证 - How to implement token based authentication in oauth2.0 process 如何正确使用Google的Javascript OAuth2.0库 - How to correctly use Google's Javascript OAuth2.0 library OAuth 2.0如何获取refresh token? - How to obtain refresh token in OAuth 2.0? 如何启动 OAuth2.0 流程? - How to initiate OAuth2.0 flow? 服务器如何在google oauth2.0中安全地向客户端发送访问令牌 - how can server send access token to client safely in google oauth2.0 oAuth2.0 实现 - oAuth2.0 implementation Sharepoint oauth 2.0 API 用于访问和刷新令牌 - Sharepoint oauth 2.0 API for access and refresh token 使用Graph OAuth v2.0刷新令牌 - Refresh token with Graph OAuth v2.0 Facebook OAuth2.0实施 - Facebook OAuth2.0 Implementation Oauth2.0属性已加密 - Oauth2.0 attributes encrypted
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM