Google OAuth 2.0 刷新令牌
Google OAuth 2.0 Refresh Token
我正在创建一个需要 Google OAuth 身份验证的 Web 应用程序。
我已成功收到刷新和访问令牌,但是,我似乎无法再次获得刷新令牌。
我知道我需要撤销我帐户的访问权限才能再次获取刷新令牌。但是,这似乎不适用于我测试过的多个帐户。
login.php
<?php
$url = "https://accounts.google.com/o/oauth2/auth";
$params = array(
"response_type" => "code",
"client_id" => "xxxx.apps.googleusercontent.com",
"redirect_uri" => "http://xxxx.net/auth/callback",
"scope" => "https://www.googleapis.com/auth/plus.me"
);
$request_to = $url . '?' . http_build_query($params);
header("Location: " . $request_to);
?>
callback.php
<?php
$url = "https://accounts.google.com/o/oauth2/auth";
$client_id = xxxx.apps.googleusercontent.com";
$client_secret = "xxxx";
$redirect_uri = "http://xxxx.net/auth/callback";
$access_type = "offline";
$approval_prompt = "force";
$grant_type = "authorization_code";
$scope = "https://www.googleapis.com/auth/plus.me";
$params_request = array(
"response_type" => "code",
"client_id" => "$client_id",
"redirect_uri" => "$redirect_uri",
"access_type" => "$access_type",
"approval_prompt" => "$approval_prompt",
"scope" => "$scope"
);
$request_to = $url . '?' . http_build_query($params_request);
if(isset($_GET['code'])) {
// try to get an access token
$code = $_GET['code'];
$url = 'https://accounts.google.com/o/oauth2/token';
$params = array(
"code" => $code,
"client_id" => "$client_id",
"client_secret" => "$client_secret",
"redirect_uri" => "$redirect_uri",
"grant_type" => "$grant_type"
);
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$json_response = curl_exec($curl);
curl_close($curl);
$authObj = json_decode($json_response);
echo "Refresh token: " . $authObj->refresh_token;
echo "Access token: " . $authObj->access_token;
exit("Done.");
}
header("Location: " . $request_to);
?>
在 callback.php 中,我试图修改 $params_request 数组以包含 arrival_prompt="force" 配置,这应该需要用户身份验证和 return 刷新令牌。然而这对我也不起作用。
我什至重新生成了客户端 ID,撤销了我帐户的访问权限,清除了我的缓存,然后重新尝试连接,但仍然只收到访问令牌!怎么了?有人可以为我提供一个解决方案和一种始终取回刷新令牌的方法。
提前感谢您的帮助和时间。
要为您的客户获取新的刷新令牌,您首先需要通过在您的 Google 帐户的“帐户权限”选项卡中撤销您的客户的访问权限来撤销 existing/old 刷新令牌,然后请求access_type=offline
再一次。撤销客户的访问权限在此处完成:https://security.google.com/settings/security/permissions?pli=1
我正在创建一个需要 Google OAuth 身份验证的 Web 应用程序。
我已成功收到刷新和访问令牌,但是,我似乎无法再次获得刷新令牌。
我知道我需要撤销我帐户的访问权限才能再次获取刷新令牌。但是,这似乎不适用于我测试过的多个帐户。
login.php
<?php
$url = "https://accounts.google.com/o/oauth2/auth";
$params = array(
"response_type" => "code",
"client_id" => "xxxx.apps.googleusercontent.com",
"redirect_uri" => "http://xxxx.net/auth/callback",
"scope" => "https://www.googleapis.com/auth/plus.me"
);
$request_to = $url . '?' . http_build_query($params);
header("Location: " . $request_to);
?>
callback.php
<?php
$url = "https://accounts.google.com/o/oauth2/auth";
$client_id = xxxx.apps.googleusercontent.com";
$client_secret = "xxxx";
$redirect_uri = "http://xxxx.net/auth/callback";
$access_type = "offline";
$approval_prompt = "force";
$grant_type = "authorization_code";
$scope = "https://www.googleapis.com/auth/plus.me";
$params_request = array(
"response_type" => "code",
"client_id" => "$client_id",
"redirect_uri" => "$redirect_uri",
"access_type" => "$access_type",
"approval_prompt" => "$approval_prompt",
"scope" => "$scope"
);
$request_to = $url . '?' . http_build_query($params_request);
if(isset($_GET['code'])) {
// try to get an access token
$code = $_GET['code'];
$url = 'https://accounts.google.com/o/oauth2/token';
$params = array(
"code" => $code,
"client_id" => "$client_id",
"client_secret" => "$client_secret",
"redirect_uri" => "$redirect_uri",
"grant_type" => "$grant_type"
);
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$json_response = curl_exec($curl);
curl_close($curl);
$authObj = json_decode($json_response);
echo "Refresh token: " . $authObj->refresh_token;
echo "Access token: " . $authObj->access_token;
exit("Done.");
}
header("Location: " . $request_to);
?>
在 callback.php 中,我试图修改 $params_request 数组以包含 arrival_prompt="force" 配置,这应该需要用户身份验证和 return 刷新令牌。然而这对我也不起作用。
我什至重新生成了客户端 ID,撤销了我帐户的访问权限,清除了我的缓存,然后重新尝试连接,但仍然只收到访问令牌!怎么了?有人可以为我提供一个解决方案和一种始终取回刷新令牌的方法。
提前感谢您的帮助和时间。
要为您的客户获取新的刷新令牌,您首先需要通过在您的 Google 帐户的“帐户权限”选项卡中撤销您的客户的访问权限来撤销 existing/old 刷新令牌,然后请求access_type=offline
再一次。撤销客户的访问权限在此处完成:https://security.google.com/settings/security/permissions?pli=1