发表新帖
发表新帖

Not receiving Google OAuth refresh token

前端 未结
关注
14 1405
佛祖请我去吃肉
佛祖请我去吃肉 2020-11-22 07:38

I want to get the access token from Google. The Google API says that to get the access token, send the code and other parameters to token generating page, and the response

相关标签:
14条回答
  • 北恋
    2020-11-22 08:14

    I searched a long night and this is doing the trick:

    Modified user-example.php from admin-sdk

    $client->setAccessType('offline');
$client->setApprovalPrompt('force');
$authUrl = $client->createAuthUrl();
echo "<a class='login' href='" . $authUrl . "'>Connect Me!</a>";

    then you get the code at the redirect url and the authenticating with the code and getting the refresh token

    $client()->authenticate($_GET['code']);
echo $client()->getRefreshToken();

    You should store it now ;)

    When your accesskey times out just do 

    $client->refreshToken($theRefreshTokenYouHadStored);
    0 讨论(0)
  • 灰色年华
    2020-11-22 08:15

    In order to get the refresh token you have to add both approval_prompt=force and access_type="offline" If you are using the java client provided by Google it will look like this:

    GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
            HTTP_TRANSPORT, JSON_FACTORY, getClientSecrets(), scopes)
            .build();

AuthorizationCodeRequestUrl authorizationUrl =
            flow.newAuthorizationUrl().setRedirectUri(callBackUrl)
                    .setApprovalPrompt("force")
                    .setAccessType("offline");
    0 讨论(0)
  • 灰色年华
    2020-11-22 08:18

    Rich Sutton's answer finally worked for me, after I realized that adding access_type=offline is done on the front end client's request for an authorization code, not the back end request that exchanges that code for an access_token. I've added a comment to his answer and this link at Google for more info about refreshing tokens.

    P.S. If you are using Satellizer, here is how to add that option to the $authProvider.google in AngularJS.

    0 讨论(0)
  • 挽巷
    2020-11-22 08:18

    Using offline access and prompt:consent worked well to me:

       auth2 = gapi.auth2.init({
                    client_id: '{cliend_id}' 
   });

   auth2.grantOfflineAccess({prompt:'consent'}).then(signInCallback);
    0 讨论(0)
  • 佛祖请我去吃肉
    2020-11-22 08:22

    1. How to get 'refresh_token' ?

    Solution: access_type='offline' option should be used when generating authURL. source : Using OAuth 2.0 for Web Server Applications

    2. But even with 'access_type=offline', I am not getting the 'refresh_token' ?

    Solution: Please note that you will get it only on the first request, so if you are storing it somewhere and there is a provision to overwrite this in your code when getting new access_token after previous expires, then make sure not to overwrite this value.

    From Google Auth Doc : (this value = access_type)

    This value instructs the Google authorization server to return a refresh token and an access token the first time that your application exchanges an authorization code for tokens.

    If you need 'refresh_token' again, then you need to remove access for your app as by following the steps written in Rich Sutton's answer.

    0 讨论(0)
  • 礼貌的吻别
    2020-11-22 08:23

    Setting this will cause the refresh token to be sent every time:

    $client->setApprovalPrompt('force');

    an example is given below (php): 

    $client = new Google_Client();
$client->setClientId($client_id);
$client->setClientSecret($client_secret);
$client->setRedirectUri($redirect_uri);
$client->addScope("email");
$client->addScope("profile"); 
$client->setAccessType('offline');
$client->setApprovalPrompt('force');
    0 讨论(0)
 看不清?
提交回复
热议问题