最受欢迎

谷歌OAuth 2.0刷新令牌

Google OAuth 2.0 Refresh Token

本文关键字:刷新 令牌 OAuth 谷歌 | 更新日期: 2023-09-27

我正在创建一个需要Google OAuth身份验证的Web应用程序。

已成功收到刷新和访问令牌,但是,我似乎无法再次获取刷新令牌。

我了解我需要撤销帐户的访问权限才能再次获取刷新令牌。但是,这似乎不适用于我测试过的多个帐户。

登录.php

<?php
$url = "https://accounts.google.com/o/oauth2/auth";
$params = array(
    "response_type" => "code",
    "client_id" => "xxxx.apps.googleusercontent.com",
    "redirect_uri" => "http://xxxx.net/auth/callback",
    "scope" => "https://www.googleapis.com/auth/plus.me"
    );
$request_to = $url . '?' . http_build_query($params);
header("Location: " . $request_to);
?>

回调.php

<?php
$url = "https://accounts.google.com/o/oauth2/auth";
$client_id = xxxx.apps.googleusercontent.com";
$client_secret = "xxxx";
$redirect_uri = "http://xxxx.net/auth/callback";
$access_type = "offline";
$approval_prompt = "force";
$grant_type = "authorization_code";
$scope = "https://www.googleapis.com/auth/plus.me";

$params_request = array(
    "response_type" => "code",
    "client_id" => "$client_id",
    "redirect_uri" => "$redirect_uri",
    "access_type" => "$access_type",
    "approval_prompt" => "$approval_prompt",
    "scope" => "$scope"
    );
$request_to = $url . '?' . http_build_query($params_request);
if(isset($_GET['code'])) {
    // try to get an access token
    $code = $_GET['code'];
    $url = 'https://accounts.google.com/o/oauth2/token';
    $params = array(
        "code" => $code,
        "client_id" => "$client_id",
        "client_secret" => "$client_secret",
        "redirect_uri" => "$redirect_uri",
        "grant_type" => "$grant_type"
    );
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $json_response = curl_exec($curl);
    curl_close($curl);
    $authObj = json_decode($json_response);
    echo "Refresh token: " . $authObj->refresh_token;
    echo "Access token: " . $authObj->access_token;
    exit("Done.");
}
header("Location: " . $request_to);
?>

在回调.php中,我尝试修改 $params_request 数组以包含 arrival_prompt="force" 配置,该配置应该需要用户身份验证并返回刷新令牌。但是这对我也不起作用。

我什至重新生成了客户端ID,从我的帐户撤销访问权限,清除缓存并重新尝试连接,但仍然只收到访问令牌!怎么了?有人可以为我提供一个解决方案和一种持续取回刷新令牌的方法吗?

提前感谢您的帮助和时间。

要为客户端获取新的刷新令牌,您首先需要在 Google 帐户的"帐户权限"选项卡中撤消客户端的访问权限来撤销现有/旧的刷新令牌,然后再次请求access_type=offline。撤销客户端的访问权限如下:https://security.google.com/settings/security/permissions?pli=1

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习