coinbase的oauth2有时未能续约访问令牌（使用刷新令牌）

本文介绍了coinbase的oauth2有时未能续约访问令牌（使用刷新令牌）的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我在iOS应用程序整合coinbase和我使用的OAuth2进行身份验证。我能够通过正常的流程去后获得访问令牌。我也照顾尝试刷新我的访问令牌，只要任何请求，通过调用这个打了401（到期后）：

I am integrating coinbase in an iOS app and I am using Oauth2 to authenticate. I am able to get the access token after going through the usual workflow. I have also taken care to attempt refresh my access token whenever any requests hit a 401 (upon expiration) by calling this:

coinbase/oauth/token 数据：

grant_type=refresh_token&refresh_token=abcd1234&client_id=theclientid&client_secret=somesecretid

grant_type=refresh_token&refresh_token=abcd1234&client_id=theclientid&client_secret=somesecretid

它工作一段时间，但随后不时，它会失败，并请求响应：

It works for a while but then from time to time, it would fail with a request response:

NSHTTPURLResponse: 0x15eb2730 { URL: coinbase/oauth/token } { status code: 401, headers { "CF-RAY" = "f67d477aae4052e-YYZ"; "Cache-Control" = "no-store"; Connection = "keep-alive"; "Content-Type" = "application/json; charset=utf-8"; Date = "Sun, 02 Feb 2014 15:14:14 GMT"; Pragma = "no-cache"; Server = "cloudflare-nginx"; "Set-Cookie" = "__cfduid=<some long alpha-numeric string>; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.coinbase; HttpOnly"; Status = "401 Unauthorized"; "Strict-Transport-Security" = "max-age=31536000"; "Transfer-Encoding" = Identity; Vary = "Accept-Encoding"; "Www-Authenticate" = "Bearer realm=\"Doorkeeper\", error=\"invalid_request\", error_description=\"The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.\""; "X-Content-Type-Options" = nosniff; "X-Frame-Options" = SAMEORIGIN; "X-Rack-Cache" = "invalidate, pass"; "X-Request-Id" = "<some long alpha-numeric string>"; "X-Runtime" = "0.012066"; "X-Ua-Compatible" = "IE=Edge,chrome=1"; } }

有没有人遇到这样的错误？我假设请求的URL是正确的始终。我不知道为什么它会抱怨缺少必需的参数或不支持的参数。我还没有想通了失败的模式呢。但愿有人在那里可能已经见过这个。

Has anyone encounter this error before? I have assume the request URL is correct always. I am not sure why it would complained about "missing required parameter" or "unsupported parameter". I havent figured out a pattern of failure yet. Hopefully, someone out there may have seen this before.

推荐答案

我一直没能直接找到任何文件有关refresh_token请求，但我认为你应该还包括在refresh_token要求REDIRECT_URI（基于这个： coinbase/docs/api/authentication#collapse2 ）

I haven't been able to find any documentation directly about refresh_token requests, but I think you're supposed to also include the redirect_uri in your refresh_token request (based on this: coinbase/docs/api/authentication#collapse2).

另外，我发现我的官方coinbase的应用程序需要重新授权前几天，但是当我登录到我的帐户coinbase，它说，该应用被授权前25天。所以，也许连request_tokens有超时？不使用应用程序一段时间后，你有没有要求request_token失败？

Also, I noticed that my official coinbase app required a re-auth a few days ago, but when I log in to my coinbase account, it says that the app was authorized 25 days ago. So, perhaps even the request_tokens have a timeout? Did your request_token request fail after not using the app for a while?

或许coinbase重的东西，失效所有的access_tokens和refresh_tokens的，因为我的应用程序，这是previously做工精细尽可能refresh_tokens，但现在失败的refresh_token请求。

Or maybe coinbase reset something and invalidated all of their access_tokens and refresh_tokens because my app, which was previously working fine as far as refresh_tokens, is now failing on the refresh_token request.

所以，我建议让您的应用程序重新检查，当发生这种情况，并得到一个新的access_token和refresh_token，因为我认为这是官方coinbase应用程序做什么。

So, I would suggest having your app re-authorize when this happens, and get a new access_token and refresh_token, since I think that's what the official coinbase app does.