Question
I'm trying to get a refresh token for Google from App Services, but I can't.
Log says
2016-11-04T00:04:25 PID[500] Verbose Received request: GET https://noteappsvr.azurewebsites.net/.auth/login/google?access_type=offline
2016-11-04T00:04:25 PID[500] Verbose Downloading OpenID configuration from https://accounts.google.com/.well-known/openid-configuration
2016-11-04T00:04:25 PID[500] Verbose Downloading OpenID issuer keys from https://www.googleapis.com/oauth2/v3/certs
2016-11-04T00:04:25 PID[500] Information Redirecting: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=299597639...04000925%26redir%3D&access_type=offline
2016-11-04T00:05:17 PID[500] Verbose Received request: GET https://noteappsvr.azurewebsites.net/.auth/login/google/callback?state=nonce%3D5656e1dd...&prompt=none
2016-11-04T00:05:17 PID[500] Verbose Calling into external HTTP endpoint POST https://www.googleapis.com/oauth2/v4/token.
2016-11-04T00:05:18 PID[500] Information Login completed for 'xxxxx@gmail.com'. Provider: 'google'.
2016-11-04T00:05:18 PID[500] Verbose Writing 'AppServiceAuthSession' cookie for site 'noteappsvr.azurewebsites.net'. Length: 728.
2016-11-04T00:05:18 PID[500] Information Redirecting: https://noteappsvr.azurewebsites.net/.auth/login/done#token=%7B%22authenti...d6ffa9924e5%22%7D%7D
2016-11-04T00:05:50 PID[500] Verbose Received request: GET https://noteappsvr.azurewebsites.net/.auth/refresh
2016-11-04T00:05:50 PID[500] Verbose JWT validation succeeded. Subject: 'sid:4fd4f6...', Issuer: 'https://noteappsvr.azurewebsites.net/'.
2016-11-04T00:05:50 PID[500] Warning The refresh request issued by sid:4fd4f6... failed because no refresh tokens were found in the token store.
2016-11-04T00:05:50 PID[500] Information Sending response: 403.80 Forbidden
There seem to be no refresh tokens in the token store, but why? I already turned on the token store setting in the portal.
Answer 1:
If Google detects that it has already given your user a refresh token, then it will not give additional refresh tokens unless you explicitly prompt the user for consent. You can do this by adding the prompt=consent query string parameter to the login URL. In your case, https://noteappsvr.azurewebsites.net/.auth/login/google?access_type=offline&prompt=consent
Try this and see if that restores the Google refresh token.
Google documentation on this behavior can be found here (under the HTTP/REST tab): https://developers.google.com/identity/protocols/OAuth2WebServer#offline
Important: When your application receives a refresh token, it is important to store that refresh token for future use. If your application loses the refresh token, it will have to re-prompt the user for consent before obtaining another refresh token. If you need to re-prompt the user for consent, include the prompt parameter in the authorization code request, and set the value to consent.
In normal usage, the refresh token should not be lost. Let me know if you are seeing a case where it does get lost.
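A way to check an App Service authentication log for this condition, as an added example that is not part of the original answer: it finds the `/.auth/login/google` request, reports whether `access_type=offline` and `prompt=consent` were both present, flags the "no refresh tokens" warning, and builds the corrected login URL. The function name `diagnose` and the sample log (trimmed from the lines in the question) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, urlencode, urlunsplit

# Constructed sample, modelled on the log lines in the question.
SAMPLE_LOG = """\
2016-11-04T00:04:25 PID[500] Verbose Received request: GET https://noteappsvr.azurewebsites.net/.auth/login/google?access_type=offline
2016-11-04T00:05:18 PID[500] Information Login completed for 'xxxxx@gmail.com'. Provider: 'google'.
2016-11-04T00:05:50 PID[500] Verbose Received request: GET https://noteappsvr.azurewebsites.net/.auth/refresh
2016-11-04T00:05:50 PID[500] Warning The refresh request issued by sid:4fd4f6... failed because no refresh tokens were found in the token store.
2016-11-04T00:05:50 PID[500] Information Sending response: 403.80 Forbidden
"""

REQUEST = re.compile(r"Received request: GET (\S+)")
NO_TOKEN = "no refresh tokens were found in the token store"


def diagnose(log_text):
    """Return (findings, corrected_login_url) for an App Service auth log."""
    findings, login_url = [], None
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        # Exact path match skips /.auth/login/google/callback and /.auth/refresh.
        if m and urlsplit(m.group(1)).path == "/.auth/login/google":
            login_url = m.group(1)
        elif NO_TOKEN in line:
            findings.append("refresh failed: token store holds no refresh token")
    if login_url is None:
        return findings, None

    parts = urlsplit(login_url)
    query = {k: v[-1] for k, v in parse_qs(parts.query).items()}
    # Both parameters are needed: offline access requests a refresh token,
    # and prompt=consent makes Google issue one again for a returning user.
    for key, value in (("access_type", "offline"), ("prompt", "consent")):
        if query.get(key) != value:
            findings.append(f"login request lacks {key}={value}")
            query[key] = value
    return findings, urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    found, fixed_url = diagnose(SAMPLE_LOG)
    for item in found:
        print("-", item)
    print("use:", fixed_url)
```
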
Source: https://stackoverflow.com/questions/40413516/requesting-refresh-token-fails-no-refresh-tokens-were-found-in-the-token-store