Google 日历API 不刷新refresh_token
Google Calendar API does not refresh refresh_token
我将 google API 用于个人项目,因此我的应用程序未通过 google 验证。
我自己完全使用 this 代码示例,登录时会生成一个 token.json 文件。一切正常,每次我发出请求(每 10分钟)。
一周后,请求失败。 token.json 文件中的 "expiry" 字段刚好一周后。
google.auth.exceptions.RefreshError: ('invalid_grant: Token has been expired or revoked.', {'error': 'invalid_grant', 'error_description': 'Token has been expired or revoked.'})
如果我理解正确,google 也应该更新 refresh_token,但这并没有发生。
我认为这部分会处理获取新的刷新令牌:
if os.path.exists('token.json'):
creds = Credentials.from_authorized_user_file('token.json', SCOPES)
# If there are no (valid) credentials available, let the user log in.
if not creds or not creds.valid:
if creds and creds.expired and creds.refresh_token:
creds.refresh(Request()) ## HERE ##
else:
这可能是我的应用未通过验证造成的?我没有找到任何关于 refresh_token.
行为的信息,几乎 none
您需要将您的应用发布到正式版才能解除 7 天的限制。
在 API 和服务 / Oauth 同意屏幕:
来自google documentation about refresh token expiration:
A Google Cloud Platform project with an OAuth consent screen
configured for an external user type and a publishing status of
"Testing" is issued a refresh token expiring in 7 days.
还有关于Testing publishing status:
Projects configured with a publishing status of Testing are limited to
up to 100 test users listed in the OAuth consent screen. A test user
consumes a project's test user quota once added to the project.
Google will display a warning message before allowing a specified test
user to authorize scopes requested by your project's OAuth clients.
The warning message confirms the user has test access to your project
but should consider the risks associated with granting access to their
data to an unverified app.
Authorizations by a test user will expire seven days from the time of
consent. If your OAuth client requests an offline access type and
receives a refresh token, that token will also expire.
A Brand Account may authorize scopes requested by your project's OAuth
clients if a specified test user manages the Brand Account.
A test user may be unable to authorize scopes requested by your
project's OAuth clients due to the availability of Google Services for
the account or configured restrictions. A Google Workspace may control
which third-party apps access its data or an account enrolled in
Advanced Protection may block most non-Google apps.
我将 google API 用于个人项目,因此我的应用程序未通过 google 验证。
我自己完全使用 this 代码示例,登录时会生成一个 token.json 文件。一切正常,每次我发出请求(每 10分钟)。
一周后,请求失败。 token.json 文件中的 "expiry" 字段刚好一周后。
google.auth.exceptions.RefreshError: ('invalid_grant: Token has been expired or revoked.', {'error': 'invalid_grant', 'error_description': 'Token has been expired or revoked.'})
如果我理解正确,google 也应该更新 refresh_token,但这并没有发生。
我认为这部分会处理获取新的刷新令牌:
if os.path.exists('token.json'):
creds = Credentials.from_authorized_user_file('token.json', SCOPES)
# If there are no (valid) credentials available, let the user log in.
if not creds or not creds.valid:
if creds and creds.expired and creds.refresh_token:
creds.refresh(Request()) ## HERE ##
else:
这可能是我的应用未通过验证造成的?我没有找到任何关于 refresh_token.
您需要将您的应用发布到正式版才能解除 7 天的限制。
在 API 和服务 / Oauth 同意屏幕:
来自google documentation about refresh token expiration:
A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.
还有关于Testing publishing status:
Projects configured with a publishing status of Testing are limited to up to 100 test users listed in the OAuth consent screen. A test user consumes a project's test user quota once added to the project.
Google will display a warning message before allowing a specified test user to authorize scopes requested by your project's OAuth clients. The warning message confirms the user has test access to your project but should consider the risks associated with granting access to their data to an unverified app.
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.
A Brand Account may authorize scopes requested by your project's OAuth clients if a specified test user manages the Brand Account.
A test user may be unable to authorize scopes requested by your project's OAuth clients due to the availability of Google Services for the account or configured restrictions. A Google Workspace may control which third-party apps access its data or an account enrolled in Advanced Protection may block most non-Google apps.