如何使用Google OAuth2 Javascript库获取刷新令牌?

本文介绍了如何使用Google OAuth2 Javascript库获取刷新令牌?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在使用Google OAuth2 Javascript库向用户请求访问令牌.我想将令牌存储在服务器上的数据库中.

I'm using the Google OAuth2 Javascript library to request an access token from users. I want to store the token in a database on the server.

为了能够在令牌到期后访问该用户的数据，我还需要存储刷新令牌.我知道在使用服务器端Google OAuth2库(指定access_type = offline)时该怎么做，但是我需要能够通过客户端Javascript库来做到这一点，并且它不起作用.

To be able to access that user's data after the token expiration, I also need to store the refresh token. I know how to do that when using a server-side Google OAuth2 library (specify access_type=offline), but I need to be able to do it with the client-side Javascript library and it doesn't work.

推荐答案

您不要在客户端中存储刷新令牌！这类似于存储他的用户名和密码.

You do not want to store the refresh token in the client! That would be akin to storing his username and password.

Javascript客户端不支持type = offline，因为那样会暴露刷新令牌.

The Javascript client does not support type=offline, since that would expose the refresh token.

您的选择是:-

生成刷新令牌并将其存储在服务器上

让您的客户端仅在需要时继续请求访问令牌.设置immediate=true，以便与用户之间没有可见的交互

Generate and store the refresh token on the server

Have your client simply keep requesting access tokens as it needs them. Set immediate=true so there is no visible interaction with the user