问题描述

我正在使用系统浏览器进行身份验证.身份提供商-Google

I'm using the system browser for authentication. Identity Provider - Google

步骤

1-用户通过输入用户名和密码获得授权.此时，我得到了authentication_code.

1 - user gets authorized by entering user name and password. I get the authentication_code at this point.

2-我调用令牌端点，并获取访问令牌，id令牌和刷新令牌.

2 - I call the token end point and get access token, id token and refresh token.

当ID令牌过期时，我需要获取一个新的有效ID令牌.我需要执行此操作而不会提示用户输入他的凭据.

When the ID token expires, I need to get a new valid ID token. I need to do this without prompting the user to enter a his credentials.

问题-是否可以在不提示用户的情况下获取新的id令牌?刷新令牌并不一定会返回ID令牌，根据开放ID规范，刷新令牌也不是可保证的行为

Question - Is it possible to get a new id token without prompting the user? Refresh token does not always return an ID token and its not a guaranteed behavior according to the open id specification

尝试过的解决方案

使用"prompt = none，login_hint = username"来调用授权端点.这仍然会重定向到浏览器，然后返回到应用程序.

Calling the authorization end point with "prompt=none,login_hint=username". This still redirects to the browser and comes back to the app.

回应错误

AuthorizationException:{类型":1，代码":1008，错误":需要交互""

AuthorizationException: {"type":1,"code":1008,"error":"interaction_required"}

推荐答案

prompt=none是可行的方法；当您收到interaction_required时，表示提供者上的会话已过期，用户需要再次登录；无法解决此问题，因为您确实需要再次验证用户身份以防止滥用.如果SSO会话仍然有效-应该在很短的时间内-您将收到新的id_token.

prompt=none is the way to go; when you receive interaction_required it means that the session at the Provider expired and the user needs to login again; there's no way around that since you really need to authenticate the user again to prevent abuse. If the SSO session was still valid - which it should be for a short period of time - you would have received your new id_token.

这篇关于为本机应用程序打开ID连接，我需要获得有效的ID令牌，但在初始授权后不提示用户吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！