我正在创建一个需要Google OAuth身份验证的网络应用程序。
我已成功收到刷新和访问令牌,但是,我似乎无法再次获取刷新令牌。
我知道我需要撤消帐户中的访问权限才能再次获取刷新令牌。但是,这似乎不适用于我测试过的多个帐户。
的login.php
<?php
$url = "https://accounts.google.com/o/oauth2/auth";
$params = array(
"response_type" => "code",
"client_id" => "xxxx.apps.googleusercontent.com",
"redirect_uri" => "http://xxxx.net/auth/callback",
"scope" => "https://www.googleapis.com/auth/plus.me"
);
$request_to = $url . '?' . http_build_query($params);
header("Location: " . $request_to);
?>
callback.php
<?php
$url = "https://accounts.google.com/o/oauth2/auth";
$client_id = xxxx.apps.googleusercontent.com";
$client_secret = "xxxx";
$redirect_uri = "http://xxxx.net/auth/callback";
$access_type = "offline";
$approval_prompt = "force";
$grant_type = "authorization_code";
$scope = "https://www.googleapis.com/auth/plus.me";
$params_request = array(
"response_type" => "code",
"client_id" => "$client_id",
"redirect_uri" => "$redirect_uri",
"access_type" => "$access_type",
"approval_prompt" => "$approval_prompt",
"scope" => "$scope"
);
$request_to = $url . '?' . http_build_query($params_request);
if(isset($_GET['code'])) {
// try to get an access token
$code = $_GET['code'];
$url = 'https://accounts.google.com/o/oauth2/token';
$params = array(
"code" => $code,
"client_id" => "$client_id",
"client_secret" => "$client_secret",
"redirect_uri" => "$redirect_uri",
"grant_type" => "$grant_type"
);
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$json_response = curl_exec($curl);
curl_close($curl);
$authObj = json_decode($json_response);
echo "Refresh token: " . $authObj->refresh_token;
echo "Access token: " . $authObj->access_token;
exit("Done.");
}
header("Location: " . $request_to);
?>
在callback.php中,我试图修改$ params_request数组以包含arrival_prompt =“force”配置,该配置应该要求用户身份验证并返回刷新令牌。然而,这对我也不起作用。
我甚至可以重新生成客户端ID,撤消帐户访问权限,清除缓存并重新尝试连接,但仍然只接收访问令牌!怎么了?有人可以请我提供一个解决方案和一种方法来持续取回刷新令牌。
提前感谢您的帮助和时间。
答案 0 :(得分:1)
要为您的客户端获取新的刷新令牌,首先需要撤消现有/旧刷新令牌,方法是在您的Google帐户的“帐户权限”标签中撤消对您客户的访问权限,然后再次请求access_type=offline
。撤消对客户的访问权限在此完成:https://security.google.com/settings/security/permissions?pli=1