我正试图从App Services获取Google的刷新令牌,但不能.
I'm trying to get refresh token for Google from App Services,but I can't.
日志说
2016-11-04T00:04:25 PID [500]详细收到的请求:GET noteappsvr.azurewebsites/.auth/login/google?access_type=offline 2016-11-04T00:04:25 PID [500]从 https下载详细的OpenID配置://accounts.google/.well-known/openid-configuration
2016-11-04T00:04:25 PID[500] Verbose Received request: GET noteappsvr.azurewebsites/.auth/login/google?access_type=offline 2016-11-04T00:04:25 PID[500] Verbose Downloading OpenID configuration from accounts.google/.well-known/openid-configuration
2016-11-04T00:04:25 PID [500]从详细下载OpenID颁发者密钥www.googleapis/oauth2/v3/certs
2016-11-04T00:04:25 PID[500] Verbose Downloading OpenID issuer keys from www.googleapis/oauth2/v3/certs
2016-11-04T00:04:25 PID [500]信息重定向: accounts.google/o/oauth2/v2/auth?response_type=code&client_id=299597639...04000925%26redir%3D& access_type = offline
2016-11-04T00:04:25 PID[500] Information Redirecting: accounts.google/o/oauth2/v2/auth?response_type=code&client_id=299597639...04000925%26redir%3D&access_type=offline
2016-11-04T00:05:17 PID [500]详细收到的请求:GET "> noteappsvr.azurewebsites/.auth/login/google/callback?state=nonce%3D5656e1dd...&prompt=none
2016-11-04T00:05:17 PID[500] Verbose Received request: GET noteappsvr.azurewebsites/.auth/login/google/callback?state=nonce%3D5656e1dd...&prompt=none
2016-11-04T00:05:17 PID [500]详细调用到外部HTTP端点POST www.googleapis/oauth2/v4/token .
2016-11-04T00:05:17 PID[500] Verbose Calling into external HTTP endpoint POST www.googleapis/oauth2/v4/token.
2016-11-04T00:05:18 PID [500]信息已完成"xxxxx@gmail"的登录.提供商:"google".
2016-11-04T00:05:18 PID[500] Information Login completed for 'xxxxx@gmail'. Provider: 'google'.
2016-11-04T00:05:18 PID [500]详细写站点'noteappsvr.azurewebsites'的'AppServiceAuthSession'cookie.长度:728.
2016-11-04T00:05:18 PID[500] Verbose Writing 'AppServiceAuthSession' cookie for site 'noteappsvr.azurewebsites'. Length: 728.
2016-11-04T00:05:18 PID [500]信息重定向: noteappsvr.azurewebsites/.auth/login/done#token=%7B%22authenti...d6ffa9924e5%22%7D%7D
2016-11-04T00:05:18 PID[500] Information Redirecting: noteappsvr.azurewebsites/.auth/login/done#token=%7B%22authenti...d6ffa9924e5%22%7D%7D
2016-11-04T00:05:50 PID [500]详细收到的请求:GET noteappsvr.azurewebsites/.auth/refresh
2016-11-04T00:05:50 PID[500] Verbose Received request: GET noteappsvr.azurewebsites/.auth/refresh
2016-11-04T00:05:50 PID [500]详细的JWT验证成功.主题:"sid:4fd4f6 ...",发行者:" noteappsvr.azurewebsites/".
2016-11-04T00:05:50 PID[500] Verbose JWT validation succeeded. Subject: 'sid:4fd4f6...', Issuer: 'noteappsvr.azurewebsites/'.
2016-11-04T00:05:50 PID [500]警告sid:4fd4f6 ...发出的刷新请求失败,因为在令牌存储中未找到刷新令牌.
2016-11-04T00:05:50 PID[500] Warning The refresh request issued by sid:4fd4f6... failed because no refresh tokens were found in the token store.
2016-11-04T00:05:50 PID [500]信息发送响应:403.80禁止
2016-11-04T00:05:50 PID[500] Information Sending response: 403.80 Forbidden
令牌存储中似乎没有刷新令牌,但是为什么呢?我已经在门户网站上启用了令牌存储设置.
There seem to be no refresh tokens in token store,but why? I turned on token store setting on portal already.
推荐答案如果Google检测到它已经为您的用户提供了刷新令牌,那么除非您明确提示用户同意,否则它不会提供其他刷新令牌.您可以通过在登录URL中添加 prompt = consent 查询字符串参数来实现.就您而言, noteappsvr.azurewebsites/.auth/login/google?access_type=offline&prompt=同意
If Google detects that it has already given your user a refresh token, then it will not give additional refresh tokens unless you explicitly prompt the user for consent. You can do this by adding the prompt=consent query string parameter to the login URL. In your case, noteappsvr.azurewebsites/.auth/login/google?access_type=offline&prompt=consent
尝试一下,看看是否可以恢复Google刷新令牌.
Try this and see if that restores the Google refresh token.
有关此行为的Google文档可在此处(在HTTP/REST标签下)找到: developers.google/identity/protocols/OAuth2WebServer#offline
Google documentation on this behavior can be found here (under the HTTP/REST tab): developers.google/identity/protocols/OAuth2WebServer#offline
重要:当您的应用程序收到刷新令牌时,存储该刷新令牌以供将来使用很重要.如果您的应用程序丢失了刷新令牌,则在获取另一个刷新令牌之前,它必须重新提示用户同意.如果您需要重新提示用户同意,请在授权代码请求中包含提示参数,然后将值设置为同意.
Important: When your application receives a refresh token, it is important to store that refresh token for future use. If your application loses the refresh token, it will have to re-prompt the user for consent before obtaining another refresh token. If you need to re-prompt the user for consent, include the prompt parameter in the authorization code request, and set the value to consent.
在正常使用情况下,刷新令牌不应丢失.如果您看到丢失的情况,请告诉我.
In normal usage, the refresh token should not be lost. Let me know if you are seeing a case where it does get lost.
更多推荐
请求刷新令牌失败.在令牌存储中找不到刷新令牌
发布评论