我正在使用google-api-java-client版本1.8-beta进行oAuth2身份验证。一切正常,直到我得到GoogleTokenResponse对象,它具有访问令牌但没有刷新令牌。 构建请求url我使用以下方法:
... googleAuthenticationUrl = new GoogleAuthorizationCodeRequestUrl (CLIENT_ID,callBackUrl,作用域).build(); ...在获取请求令牌时,我使用此访问令牌进行交换 $ GoogleTokenResponse tokenResponse =新的GoogleAuthorizationCodeTokenRequest(新的NetHttpTransport(),新的JacksonFactory(),CLIENT_ID ,CLIENT_SECRET,request.getParameter(CODE_URL_PARAM),callBackUrl).execute(); ...
返回的GoogleTokenResponse对象不包含刷新标记:
{access_token:ya29.AH..etc ... 9-Y,expires_in:3600,token_type :持票人}请您在这个问题上说清楚我的看法?感谢您的帮助!
解决方案在构建请求URL时,应设置访问类型:
$ b $ requestUrl = new GoogleAuthorizationCodeRequestUrl(googleClientId,callBackUrl,scopes).setAccessType(offline)。build();如 page 设置此参数的建议:您明确地将access_type参数设置为脱机,因为我们预计当联机值引入时,它将作为默认行为。这可能会导致应用程序发生的意外更改,因为它会影响您的应用程序允许刷新访问令牌的方式。通过显式设置参数值为脱机状态,可以避免应用程序功能发生任何更改。 [...]
I'm using the google-api-java-client version 1.8-beta for oAuth2 authentication with Google accounts. Everything fine until I get the GoogleTokenResponse object, which has the access token but not refresh token. To build the request url I user the following method :
... googleAuthenticationUrl = new GoogleAuthorizationCodeRequestUrl(CLIENT_ID, callBackUrl, scopes).build(); ...When getting the request token I exchange it with an access token in this line :
... GoogleTokenResponse tokenResponse = new GoogleAuthorizationCodeTokenRequest(new NetHttpTransport(), new JacksonFactory(), CLIENT_ID, CLIENT_SECRET, request.getParameter(CODE_URL_PARAM), callBackUrl).execute(); ...The returned GoogleTokenResponse object does not contains the refresh token :
{"access_token":"ya29.AH..etc...9-Y","expires_in":3600,"token_type":"Bearer"}Could you please shed my light on this issue ? Thank you very much for your help!
解决方案When building the request Url, you should set the Access Type :
requestUrl = new GoogleAuthorizationCodeRequestUrl(googleClientId, callBackUrl, scopes).setAccessType("offline").build();As described in this page setting this parameter is recommended :
[...] We recommend that you explicitly set the access_type parameter to offline because we anticipate that when the online value is introduced, it will be as the default behavior. This could cause unexpected changes in your application since it would affect the way that your application is allowed to refresh access tokens. By explicitly setting the parameter value to offline, you can avoid any changes in your application's functionality. [...]
更多推荐
获取空刷新令牌
发布评论