【问题标题】:Getting refresh_token using googleapis lib使用 googleapis lib 获取 refresh_token
【发布时间】:2016-09-29 00:25:26
【问题描述】:

所以我使用 googleapis lib 设置了 Google Oauth 流,但在使用 oauthClient.getToken(code, ..) 后,我似乎没有使用 refresh_token。它只返回access_tokenid_token

这是我的代码结果:

{
  access_token: "...",
  expiry_date: 1475080667529,
  id_token: "...",
  token_type: "Bearer"
}

这是我的代码:

function getOauth() {
  var oauthClient = new google.auth.OAuth2(
    config.googleOauth.id,
    config.googleOauth.secret,
    `${config.https ? 'https' : 'http'}://${config.baseUrl}/google`
  );
  return Bluebird.promisifyAll(oauthClient);
}

/**
 * Initialize session based of the auth code, which
 * gives us the accessToken and the payload.
 *
 * Returns a session with the user tokenized and
 * the accessToken for use to restore on page refresh.
 */
router.get('/initial', function * (req, res) {
  try { 
    let oauth = getOauth();
    let code = req.query.authorizationCode;
    let results = yield oauth.getTokenAsync(code);
    let tokens = results[0];
    let result = yield oauth.verifyIdTokenAsync(tokens.id_token, config.googleOauth.id);
    let payload = result.getPayload();
    let user = yield User.findOneByEmail(payload.email, req.communityConfig);
    let data = { user };

    if (user.role) {
      let role = yield Role.findOne(user.role, req.communityConfig);
      data.roles = [role];
    }

    let token = auth.createToken(data);

    res.json(extend({}, req.query, { token, accessToken: tokens.id_token }));
  } catch(error) {
    console.log(error.message);
    throw new StatusError(401, error);
  }
});

/**
 * Use the google provider's fetch method to restore the session
 * data using the accessToken.
 *
 * Returns a token created from the user and role, along with
 * all of the query props passed in.
 */
router.get('/restore', function * (req, res) {
  try {
    let oauth = getOauth();

    oauth.setCredentials({
      access_token: req.query.accessToken
    });

    let tokens = yield oauth.getAccessTokenAsync();
    let result = yield oauth.verifyIdTokenAsync(tokens[0], config.googleOauth.id);
    let payload = result.getPayload();
    let user = yield User.findOneByEmail(payload.email, req.communityConfig);
    let data = { user };

    if (user.role) {
      let role = yield Role.findOne(user.role, req.communityConfig);
      data.roles = [role];
    }

    let token = auth.createToken(data);

    res.json(extend({}, req.query, { token }));
  } catch(error) {
    console.log(error.message);
    throw new StatusError(401, error);
  }
});

所以一切正常,在初始和刷新时,但在 access_token 过期后,它不再进行身份验证。

令牌使用太晚,1475070618.739 > 1475005777

我听说我必须将access_type 指定为'offline',但我什至不知道在哪里设置它,我认为这是为了后台同步之类的。除其他外,它很难测试,因为它需要大约一天才能过期..

【问题讨论】:

    标签: node.js ember.js google-oauth ember-simple-auth google-api-nodejs-client


    【解决方案1】:

    哇,关于 SO 的另一个问题帮助解决了我的问题。

    access_type 选项是 FRONTEND 选项。所以就我而言,它位于此处:https://github.com/Vestorly/torii/blob/master/addon/providers/google-oauth2.js 我将我的设置为'offline'

    撤销用户访问权限(此处为https://security.google.com/settings/security/permissions)并重新同意后,refresh_token 被退回。

    zack-morris 的这条评论 Not receiving Google OAuth refresh token 真的很有帮助。

    【讨论】:

      猜你喜欢
      • 2017-11-14
      • 2018-08-01
      • 1970-01-01
      • 1970-01-01
      • 2017-07-25
      • 2021-01-04
      • 2018-12-29
      • 1970-01-01
      • 2018-08-16
      相关资源
      最近更新 更多