Trying to understand OAuth 2.0

Time: 2022-12-19 19:13:17

I've been developing api and decided to use OAuth 2.0.

I'm currently using this package https://github.com/lucadegasperi/oauth2-server-laravel/ . I have one client which is using Authorization Code Grant and it works fine until my access token expires - then I don't really know what to do except setting date manually. I've been reading about OAuth so much that I got really confused.

Should one grant be assigned to one client or should it switch? Which grant should I use? And what should I do after this token expires?

I'm quite new with OAuth, so please don't be cruel ;-)

1 solution

#1

You should enable the grants that you see fit. Typically this will be the authorization grant or sometimes the resource owner (password) grant. Both of these grant types allow you to issue a refresh token with your access token. The refresh token is a longer living token and is only sent to the authorization server when requesting an access token.

Your application (client) should be set up in such a way that when authenticating with the resource server has failed due to a timed out access token it should immediately send out another request to the authorization server with the refresh token. The authorization server should issue a new access token and (usually) a new refresh token. Your client should then update the user's access token and continue as normal.

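The refresh-on-expiry behaviour the answer describes, as an added example (not the original post's code, nor code from the Laravel package): the client retries once with a freshly obtained token after the resource server returns 401 for an expired access token, and signals that the user must redo the authorization code grant when the refresh token itself is rejected. `FakeServers`, `Client` and `demo()` are constructed stand-ins for the token endpoint and the resource server; the fake assumes the server rotates refresh tokens (each one is single-use), which the answer says is the usual case.

```python
import secrets

class ReauthorizationRequired(Exception):
    """Refresh rejected: the user must redo the authorization code grant."""

class FakeServers:
    """Stand-in for the token endpoint and the resource server (constructed)."""
    def __init__(self, access_ttl=3600):
        self.access_ttl, self.access, self.refresh = access_ttl, {}, set()
    def issue(self, now):
        access, refresh = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.access[access] = now + self.access_ttl  # access_token -> expiry (unix seconds)
        self.refresh.add(refresh)                    # refresh tokens still valid, single-use
        return {"access_token": access, "refresh_token": refresh, "expires_in": self.access_ttl}
    def token_endpoint(self, params, now):
        # RFC 6749 section 6: POST grant_type=refresh_token&refresh_token=<token>
        if params.get("grant_type") != "refresh_token" or params.get("refresh_token") not in self.refresh:
            return {"error": "invalid_grant"}
        self.refresh.discard(params["refresh_token"])  # rotation: the old refresh token dies here
        return self.issue(now)
    def resource(self, access_token, now):
        exp = self.access.get(access_token)
        return (401, {"error": "invalid_token"}) if exp is None or exp <= now else (200, {"data": "ok"})

class Client:
    def __init__(self, servers, tokens, clock):
        self.servers, self.tokens, self.clock, self.refreshes = servers, tokens, clock, 0
    def _refresh(self):
        resp = self.servers.token_endpoint(
            {"grant_type": "refresh_token", "refresh_token": self.tokens["refresh_token"]}, self.clock())
        if "error" in resp:
            raise ReauthorizationRequired(resp["error"])
        self.tokens = resp       # store BOTH new tokens; the old refresh token is now useless
        self.refreshes += 1
    def call_resource(self):
        for attempt in range(2):   # exactly one retry after refreshing, never an endless loop
            status, body = self.servers.resource(self.tokens["access_token"], self.clock())
            if status != 401:
                return body
            if attempt == 0:
                self._refresh()
        raise ReauthorizationRequired("still rejected after refresh")

def demo(access_ttl=60):
    """Drive the flow with a fake clock; returns (first, second, refresh count, old refresh still valid)."""
    clock, servers = [1000.0], FakeServers(access_ttl)
    client = Client(servers, servers.issue(clock[0]), lambda: clock[0])
    first, old_refresh = client.call_resource(), client.tokens["refresh_token"]
    clock[0] += 3600             # access token has expired; next call triggers a refresh
    return first, client.call_resource(), client.refreshes, old_refresh in servers.refresh
```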