How to keep users authenticated long-term with the Google API client library

Time: 2023-01-29 15:49:43

Background

I'm working on an app that will run on a device which does not contain a browser, but I want to get the users google tasks through the google api.

Because of the lack of browser, they can't authenticate on the device, so I have it set up in such a way that they visit a website and authenticate there, then the device makes http requests to the website to get the data it needs.

Problem

Once I got everything working this system works out OK, the problem is it only works for a day or so before the user has to visit the website again to refresh their access token.

It would be great if the user could be authenticated for very long periods of time, or even forever (not sure if that's possible or secure). Can I get some suggestions on what people think is the best way to accomplish this kind of long term authentication?

Refresh tokens?

I've heard there is a way to store the user's refresh token in a database and somehow use that to refresh their access token. If this sounds like a good way, can anyone point me in the direction of an example to get this to work?

I've been using the google api client library for ruby.

Thanks a lot!

1 solution

#1

0

You're on the right track with the refresh tokens. I can't help too much with the Ruby API, and honestly I just did this calling the REST api directly, but this doc should help you understand the actual calls you need to make.

https://developers.google.com/accounts/docs/OAuth2WebServer#offline

Note that for a lot of their examples you need to remove the newlines for them to work.

Basically like you said, you need to send the user to https://accounts.google.com/o/oauth2/auth with the access-type=offline parameter for them to give consent. This comes back with an authorization code, which you send to /o/oauth2/token. This comes back with an access token and a refresh token. You can use the access token immediately, and you store the refresh token, which never expires. When the access token expires you send the refresh token to /o/oauth2/token (note that the grant_type changes to refresh_token) to get a new access token.
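
The three calls described above, as an added Ruby example that is not part of the original answer or of the Google client library: it talks to the two endpoints named in the answer over plain HTTP, keeps a per-user record holding the refresh token, and only calls the token endpoint again once the stored access token has expired. The client id, client secret, redirect URI and the injectable http_post transport are assumptions made for the example.

```ruby
require 'net/http'
require 'uri'
require 'json'

AUTH_ENDPOINT  = 'https://accounts.google.com/o/oauth2/auth'
TOKEN_ENDPOINT = 'https://accounts.google.com/o/oauth2/token'

# Real transport: form-encoded POST to the token endpoint, response body as a string.
DEFAULT_POST = ->(url, form) { Net::HTTP.post_form(URI(url), form).body }

# Step 1: the URL the website sends the user to. access_type=offline is what makes
# Google return a refresh token along with the first access token.
def consent_url(client_id:, redirect_uri:, scope:, state:)
  params = { 'response_type' => 'code', 'client_id' => client_id,
             'redirect_uri' => redirect_uri, 'scope' => scope,
             'access_type' => 'offline', 'state' => state } # state: anti-CSRF nonce
  "#{AUTH_ENDPOINT}?#{URI.encode_www_form(params)}"
end

# Shared token-endpoint call; http_post is injectable (assumption) so the flow can
# be exercised without network access. An error reply raises instead of returning.
def token_request(form, http_post)
  data = JSON.parse(http_post.call(TOKEN_ENDPOINT, form))
  raise "token endpoint error: #{data['error']}" if data['error']
  data
end

# Step 2: exchange the one-time authorization code; the reply carries both tokens.
def exchange_code(code:, client_id:, client_secret:, redirect_uri:, http_post: DEFAULT_POST)
  token_request({ 'code' => code, 'client_id' => client_id, 'client_secret' => client_secret,
                  'redirect_uri' => redirect_uri, 'grant_type' => 'authorization_code' }, http_post)
end

# Step 3: trade the stored refresh token for a new access token.
# Note grant_type changes to refresh_token; no user interaction is needed.
def refresh_access_token(refresh_token:, client_id:, client_secret:, http_post: DEFAULT_POST)
  token_request({ 'refresh_token' => refresh_token, 'client_id' => client_id,
                  'client_secret' => client_secret, 'grant_type' => 'refresh_token' }, http_post)
end

# Per-user record the website keeps (e.g. in its database): the refresh token is stored
# once; the access token is replaced whenever it has expired, so the device's requests
# to the website keep working without another browser visit.
def current_access_token(record, client_id:, client_secret:, now: Time.now, http_post: DEFAULT_POST)
  return record[:access_token] if record[:expires_at] && now < record[:expires_at]
  data = refresh_access_token(refresh_token: record[:refresh_token], client_id: client_id,
                              client_secret: client_secret, http_post: http_post)
  record[:access_token] = data['access_token']
  record[:expires_at]   = now + data['expires_in'].to_i
  record[:access_token]
end
```

If the token endpoint answers with an error (for instance after the user revokes access, which invalidates the stored refresh token), token_request raises and the website should send the user back through consent_url rather than retrying the refresh.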
