Question

所以我使用googleapis lib设置了Google Oauth流程，在使用refresh_token之后，我似乎并没有oauthClient.getToken(code, ..)。它只返回access_token和id_token。

这是我的代码结果：

{
  access_token: "...",
  expiry_date: 1475080667529,
  id_token: "...",
  token_type: "Bearer"
}

这是我的代码：

function getOauth() {
  var oauthClient = new google.auth.OAuth2(
    config.googleOauth.id,
    config.googleOauth.secret,
    `${config.https ? 'https' : 'http'}://${config.baseUrl}/google`
  );
  return Bluebird.promisifyAll(oauthClient);
}

/**
 * Initialize session based of the auth code, which
 * gives us the accessToken and the payload.
 *
 * Returns a session with the user tokenized and
 * the accessToken for use to restore on page refresh.
 */
router.get('/initial', function * (req, res) {
  try { 
    let oauth = getOauth();
    let code = req.query.authorizationCode;
    let results = yield oauth.getTokenAsync(code);
    let tokens = results[0];
    let result = yield oauth.verifyIdTokenAsync(tokens.id_token, config.googleOauth.id);
    let payload = result.getPayload();
    let user = yield User.findOneByEmail(payload.email, req.communityConfig);
    let data = { user };

    if (user.role) {
      let role = yield Role.findOne(user.role, req.communityConfig);
      data.roles = [role];
    }

    let token = auth.createToken(data);

    res.json(extend({}, req.query, { token, accessToken: tokens.id_token }));
  } catch(error) {
    console.log(error.message);
    throw new StatusError(401, error);
  }
});

/**
 * Use the google provider's fetch method to restore the session
 * data using the accessToken.
 *
 * Returns a token created from the user and role, along with
 * all of the query props passed in.
 */
router.get('/restore', function * (req, res) {
  try {
    let oauth = getOauth();

    oauth.setCredentials({
      access_token: req.query.accessToken
    });

    let tokens = yield oauth.getAccessTokenAsync();
    let result = yield oauth.verifyIdTokenAsync(tokens[0], config.googleOauth.id);
    let payload = result.getPayload();
    let user = yield User.findOneByEmail(payload.email, req.communityConfig);
    let data = { user };

    if (user.role) {
      let role = yield Role.findOne(user.role, req.communityConfig);
      data.roles = [role];
    }

    let token = auth.createToken(data);

    res.json(extend({}, req.query, { token }));
  } catch(error) {
    console.log(error.message);
    throw new StatusError(401, error);
  }
});

所以一切正常，在初始和刷新时，但在access_token到期后，它不再进行身份验证。

令牌太晚了，1475070618.739＆gt; 1475005777

我听说我必须指定access_type到'offline'，但我甚至不知道在我的情况下在哪里设置它，我认为那是用于背景同步的。除此之外，它很难测试，因为它需要一天才能到期..

Answer 1

哇，SO上的另一个问题有助于解决我的问题。

access_type选项是 FRONTEND 选项。所以在我的情况下，它位于这里：https://github.com/Vestorly/torii/blob/master/addon/providers/google-oauth2.js 我将我的设置为'offline'。

撤销用户的访问权限（此处为https://security.google.com/settings/security/permissions）并重新同意后，系统会返回refresh_token。

zack-morris的这条评论Not receiving Google OAuth refresh token确实有帮助。

使用googleapis lib获取refresh_token

1 个答案: