Requesting refresh token fails.No refresh tokens were found in the token store

旧街凉风 提交于 2020-04-30 07:41:04

问题


I'm trying to get refresh token for Google from App Services,but I can't.

Log says

2016-11-04T00:04:25 PID[500] Verbose Received request: GET https://noteappsvr.azurewebsites.net/.auth/login/google?access_type=offline 2016-11-04T00:04:25 PID[500] Verbose Downloading OpenID configuration from https://accounts.google.com/.well-known/openid-configuration

2016-11-04T00:04:25 PID[500] Verbose Downloading OpenID issuer keys from https://www.googleapis.com/oauth2/v3/certs

2016-11-04T00:04:25 PID[500] Information Redirecting: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=299597639...04000925%26redir%3D&access_type=offline

2016-11-04T00:05:17 PID[500] Verbose Received request: GET https://noteappsvr.azurewebsites.net/.auth/login/google/callback?state=nonce%3D5656e1dd...&prompt=none

2016-11-04T00:05:17 PID[500] Verbose Calling into external HTTP endpoint POST https://www.googleapis.com/oauth2/v4/token.

2016-11-04T00:05:18 PID[500] Information Login completed for 'xxxxx@gmail.com'. Provider: 'google'.

2016-11-04T00:05:18 PID[500] Verbose Writing 'AppServiceAuthSession' cookie for site 'noteappsvr.azurewebsites.net'. Length: 728.

2016-11-04T00:05:18 PID[500] Information Redirecting: https://noteappsvr.azurewebsites.net/.auth/login/done#token=%7B%22authenti...d6ffa9924e5%22%7D%7D

2016-11-04T00:05:50 PID[500] Verbose Received request: GET https://noteappsvr.azurewebsites.net/.auth/refresh

2016-11-04T00:05:50 PID[500] Verbose JWT validation succeeded. Subject: 'sid:4fd4f6...', Issuer: 'https://noteappsvr.azurewebsites.net/'.

2016-11-04T00:05:50 PID[500] Warning The refresh request issued by sid:4fd4f6... failed because no refresh tokens were found in the token store.

2016-11-04T00:05:50 PID[500] Information Sending response: 403.80 Forbidden

There seem to be no refresh tokens in token store,but why? I turned on token store setting on portal already.


回答1:


If Google detects that it has already given your user a refresh token, then it will not give additional refresh tokens unless you explicitly prompt the user for consent. You can do this by adding the prompt=consent query string parameter to the login URL. In your case, https://noteappsvr.azurewebsites.net/.auth/login/google?access_type=offline&prompt=consent

Try this and see if that restores the Google refresh token.

Google documentation on this behavior can be found here (under the HTTP/REST tab): https://developers.google.com/identity/protocols/OAuth2WebServer#offline

Important: When your application receives a refresh token, it is important to store that refresh token for future use. If your application loses the refresh token, it will have to re-prompt the user for consent before obtaining another refresh token. If you need to re-prompt the user for consent, include the prompt parameter in the authorization code request, and set the value to consent.

In normal usage, the refresh token should not be lost. Let me know if you are seeing a case where it does get lost.



来源:https://stackoverflow.com/questions/40413516/requesting-refresh-token-fails-no-refresh-tokens-were-found-in-the-token-store

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!