Problem description
I have a program that integrates with the YouTube Live Streaming API. It runs on timers, so it's been relatively easy for me to program in to fetch a new Access Token every 50 minutes with a Refresh Token. My question is, why?
When I authenticated with YouTube, it gave me a Refresh Token. I then use this refresh token to get a new Access Token about once an hour. If I have the Refresh Token, I can ALWAYS use this to get a new Access Token, since it never expires. So I don't see how this is any more secure than just giving me an Access Token from the start and not bothering with the whole Refresh Token system.
Recommended answer
Basically, refresh tokens are used to get a new access token.
To clearly differentiate these two tokens and avoid getting mixed up, here are their functions given in The OAuth 2.0 Authorization Framework:
Now, to answer your question on why you were still being issued a refresh token instead of just securing an access token, the main reason provided by the Internet Engineering Task Force in Refresh tokens is:
For more detailed and complete information on the OAuth 2.0 flow, please try going through the following references:
- OAuth 2.0 Flow: Server-side web apps
- The OAuth 2.0 Authorization Framework issued by Internet Engineering Task Force (IETF)
- SO post - Why Does OAuth v2 Have Both Access and Refresh Tokens?
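The refresh cycle described in the question, as an added example that is not part of the original question or answer: the refresh token is sent only to the token endpoint, the short-lived access token is the only credential attached to API calls, and renewal follows `expires_in` instead of a fixed 50-minute timer. `TokenManager`, `FakeTokenEndpoint`, the client credentials and all token values are constructed for illustration; the fake endpoint stands in for the authorization server so the code runs offline.

```python
import time
from urllib.parse import urlencode, parse_qs

TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"  # Google's OAuth 2.0 token endpoint

class TokenManager:
    """Keeps the long-lived refresh token private; hands out short-lived access tokens."""
    def __init__(self, client_id, client_secret, refresh_token, post, clock=time.time, skew=60):
        self.client_id, self.client_secret = client_id, client_secret
        self.refresh_token, self.post, self.clock, self.skew = refresh_token, post, clock, skew
        self.access_token, self.expires_at = None, 0.0

    def _refresh(self):
        # Refresh grant (RFC 6749, section 6): sent to the token endpoint only.
        form = urlencode({"grant_type": "refresh_token", "refresh_token": self.refresh_token,
                          "client_id": self.client_id, "client_secret": self.client_secret})
        reply = self.post(TOKEN_ENDPOINT, form)
        if "access_token" not in reply:  # e.g. invalid_grant after revocation
            raise RuntimeError("refresh failed: " + reply.get("error", "unknown"))
        self.access_token = reply["access_token"]
        self.expires_at = self.clock() + reply["expires_in"]
        self.refresh_token = reply.get("refresh_token", self.refresh_token)  # keep a rotated one

    def api_headers(self):
        """Headers for an API call; renews the access token when it is near expiry."""
        if self.access_token is None or self.clock() >= self.expires_at - self.skew:
            self._refresh()
        return {"Authorization": "Bearer " + self.access_token}

class FakeTokenEndpoint:  # constructed stand-in for the authorization server
    def __init__(self, valid_refresh_token):
        self.valid, self.issued = valid_refresh_token, 0

    def __call__(self, url, form):
        p = parse_qs(form)
        if p.get("grant_type") != ["refresh_token"] or p.get("refresh_token") != [self.valid]:
            return {"error": "invalid_grant"}
        self.issued += 1
        return {"access_token": f"at-{self.issued}", "expires_in": 3600, "token_type": "Bearer"}

def demo():
    now = [0.0]  # fake clock, in seconds
    server = FakeTokenEndpoint("rt-constructed")
    tm = TokenManager("client-id", "client-secret", "rt-constructed", server, lambda: now[0])
    seen = []
    for t in (0, 50 * 60, 59 * 60 + 30):  # start, 50 minutes, 59.5 minutes
        now[0] = t
        seen.append(tm.api_headers()["Authorization"])
    return seen, server.issued

if __name__ == "__main__":
    print(demo())
```
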