Google OAuth 2.0刷新令牌

时间:2015-03-15 02:25:10

标签: php oauth oauth-2.0 google-oauth google-login

我正在创建一个需要Google OAuth身份验证的网络应用程序。

我已成功收到刷新和访问令牌,但是,我似乎无法再次获取刷新令牌。

我知道我需要撤消帐户中的访问权限才能再次获取刷新令牌。但是,这似乎不适用于我测试过的多个帐户。

的login.php

<?php

$url = "https://accounts.google.com/o/oauth2/auth";

$params = array(
    "response_type" => "code",
    "client_id" => "xxxx.apps.googleusercontent.com",
    "redirect_uri" => "http://xxxx.net/auth/callback",
    "scope" => "https://www.googleapis.com/auth/plus.me"
    );

$request_to = $url . '?' . http_build_query($params);

header("Location: " . $request_to);
?>

callback.php

<?php

$url = "https://accounts.google.com/o/oauth2/auth";
$client_id = xxxx.apps.googleusercontent.com";
$client_secret = "xxxx";
$redirect_uri = "http://xxxx.net/auth/callback";
$access_type = "offline";
$approval_prompt = "force";
$grant_type = "authorization_code";
$scope = "https://www.googleapis.com/auth/plus.me";


$params_request = array(
    "response_type" => "code",
    "client_id" => "$client_id",
    "redirect_uri" => "$redirect_uri",
    "access_type" => "$access_type",
    "approval_prompt" => "$approval_prompt",
    "scope" => "$scope"
    );

$request_to = $url . '?' . http_build_query($params_request);

if(isset($_GET['code'])) {
    // try to get an access token
    $code = $_GET['code'];
    $url = 'https://accounts.google.com/o/oauth2/token';
    $params = array(
        "code" => $code,
        "client_id" => "$client_id",
        "client_secret" => "$client_secret",
        "redirect_uri" => "$redirect_uri",
        "grant_type" => "$grant_type"
    );

    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

    $json_response = curl_exec($curl);
    curl_close($curl);

    $authObj = json_decode($json_response);

    echo "Refresh token: " . $authObj->refresh_token;
    echo "Access token: " . $authObj->access_token;

    exit("Done.");
}

header("Location: " . $request_to);

?>

在callback.php中,我试图修改$ params_request数组以包含arrival_prompt =“force”配置,该配置应该要求用户身份验证并返回刷新令牌。然而,这对我也不起作用。

我甚至可以重新生成客户端ID,撤消帐户访问权限,清除缓存并重新尝试连接,但仍然只接收访问令牌!怎么了?有人可以请我提供一个解决方案和一种方法来持续取回刷新令牌。

提前感谢您的帮助和时间。

1 个答案:

答案 0 :(得分:1)

要为您的客户端获取新的刷新令牌,首先需要撤消现有/旧刷新令牌,方法是在您的Google帐户的“帐户权限”标签中撤消对您客户的访问权限,然后再次请求access_type=offline。撤消对客户的访问权限在此完成:https://security.google.com/settings/security/permissions?pli=1