我正在创建一个需要Google OAuth身份验证的Web应用程序.
I am creating a web application that requires Google OAuth authentication.
I have successfully recieved the refresh and access token, however, I cannot seem to get the refresh token again.
I understand that I need to revoke access from my account in order to get the refresh token again. However this does not seem to work on the multiple accounts that I have tested this on.
$url = "https://accounts.google.com/o/oauth2/auth";
$params = array(
"response_type" => "code",
"client_id" => "xxxx.apps.googleusercontent.com",
"redirect_uri" => "http://xxxx.net/auth/callback",
"scope" => "https://www.googleapis.com/auth/plus.me"
$request_to = $url . '?' . http_build_query($params);
header("Location: " . $request_to);
$url = "https://accounts.google.com/o/oauth2/auth";
$client_id = xxxx.apps.googleusercontent.com";
$client_secret = "xxxx";
$redirect_uri = "http://xxxx.net/auth/callback";
$access_type = "offline";
$approval_prompt = "force";
$grant_type = "authorization_code";
$scope = "https://www.googleapis.com/auth/plus.me";
$params_request = array(
"response_type" => "code",
"client_id" => "$client_id",
"redirect_uri" => "$redirect_uri",
"access_type" => "$access_type",
"approval_prompt" => "$approval_prompt",
"scope" => "$scope"
$request_to = $url . '?' . http_build_query($params_request);
if(isset($_GET['code'])) {
// try to get an access token
$code = $_GET['code'];
$url = 'https://accounts.google.com/o/oauth2/token';
$params = array(
"code" => $code,
"client_id" => "$client_id",
"client_secret" => "$client_secret",
"redirect_uri" => "$redirect_uri",
"grant_type" => "$grant_type"
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$json_response = curl_exec($curl);
$authObj = json_decode($json_response);
echo "Refresh token: " . $authObj->refresh_token;
echo "Access token: " . $authObj->access_token;
header("Location: " . $request_to);
在callback.php中,我试图修改$ params_request数组以包括arrival_prompt ="force"配置,该配置应该要求用户验证并返回刷新令牌.但是,这对我也不起作用.
Within callback.php, I have attempted to modify the $params_request array to include the arrival_prompt="force" configuration, which is supposed to require user authentication and return the refresh token. However this does not work for me either.
I have even went as far as to regenerate the client ID, revoke access from my account, clear my cache, and reattempt connection, yet still only recieve the access token! What is wrong? Could someone please provide me with a solution and a way to consistently get back the refresh token.
Thank you in advance for your help and time.
要为您的客户获取新的刷新令牌,您首先需要通过在帐户权限"标签中撤消对客户的访问权限来撤销现有/旧的刷新令牌.Google帐户,然后再次要求 access_type = offline
.撤消客户端访问权限的操作是在这里完成的: https://security.google.com/settings/security/permissions?pli = 1
To get a new refresh token for your client you first need to revoke the existing/old refresh token by revoking access for your client in the Account Permissions tab for your Google account and then ask for access_type=offline
again. Revoking access for clients is done here: https://security.google.com/settings/security/permissions?pli=1
这篇关于Google OAuth 2.0刷新令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!