使用 googleapis 库获取 refresh_token

Question

所以我使用 googleapis 库设置了 Google Oauth 流程，在使用 oauthClient.getToken(code, ..) 之后我似乎没有 refresh_token。它只有 returns access_token 和 id_token.

这是我的代码结果：

{
  access_token: "...",
  expiry_date: 1475080667529,
  id_token: "...",
  token_type: "Bearer"
}

这是我的代码：

function getOauth() {
  var oauthClient = new google.auth.OAuth2(
    config.googleOauth.id,
    config.googleOauth.secret,
    `${config.https ? 'https' : 'http'}://${config.baseUrl}/google`
  );
  return Bluebird.promisifyAll(oauthClient);
}

/**
 * Initialize session based of the auth code, which
 * gives us the accessToken and the payload.
 *
 * Returns a session with the user tokenized and
 * the accessToken for use to restore on page refresh.
 */
router.get('/initial', function * (req, res) {
  try { 
    let oauth = getOauth();
    let code = req.query.authorizationCode;
    let results = yield oauth.getTokenAsync(code);
    let tokens = results[0];
    let result = yield oauth.verifyIdTokenAsync(tokens.id_token, config.googleOauth.id);
    let payload = result.getPayload();
    let user = yield User.findOneByEmail(payload.email, req.communityConfig);
    let data = { user };

    if (user.role) {
      let role = yield Role.findOne(user.role, req.communityConfig);
      data.roles = [role];
    }

    let token = auth.createToken(data);

    res.json(extend({}, req.query, { token, accessToken: tokens.id_token }));
  } catch(error) {
    console.log(error.message);
    throw new StatusError(401, error);
  }
});

/**
 * Use the google provider's fetch method to restore the session
 * data using the accessToken.
 *
 * Returns a token created from the user and role, along with
 * all of the query props passed in.
 */
router.get('/restore', function * (req, res) {
  try {
    let oauth = getOauth();

    oauth.setCredentials({
      access_token: req.query.accessToken
    });

    let tokens = yield oauth.getAccessTokenAsync();
    let result = yield oauth.verifyIdTokenAsync(tokens[0], config.googleOauth.id);
    let payload = result.getPayload();
    let user = yield User.findOneByEmail(payload.email, req.communityConfig);
    let data = { user };

    if (user.role) {
      let role = yield Role.findOne(user.role, req.communityConfig);
      data.roles = [role];
    }

    let token = auth.createToken(data);

    res.json(extend({}, req.query, { token }));
  } catch(error) {
    console.log(error.message);
    throw new StatusError(401, error);
  }
});

所以一切正常，在初始和刷新时，但在 access_token 过期后，它不再进行身份验证。

Token used too late, 1475070618.739 > 1475005777

我听说我必须将 access_type 指定为 'offline'，但我什至不知道在我的情况下在哪里设置它，我认为那是为了后台同步之类的东西。除此之外，它很难测试，因为它需要大约一天的时间才能过期..

Answer 1

哇，关于 SO 的另一个问题帮助解决了我的问题。

access_type 选项是一个 FRONTEND 选项。所以就我而言，它位于此处：https://github.com/Vestorly/torii/blob/master/addon/providers/google-oauth2.js 我将我的设置为 'offline'.

撤销用户的访问权限（此处https://security.google.com/settings/security/permissions）并重新同意后，返回refresh_token。

zack-morris 的这条评论 Not receiving Google OAuth refresh token 真的很有帮助。