使用ruby的oauth2.0使用Box刷新令牌刷新回调访问令牌

时间:2020-03-05 05:14:39

标签: ruby box-api refresh-token

我是Box Api和红宝石的新手。我正在尝试刷新令牌,但不确定以下代码中的token_refresh_callback是什么

client = Boxr::Client.new('zX3UjFwNerOy5PSWc2WI8aJgMHtAjs8T',
                      refresh_token: 'dvfzfCQoIcRi7r4Yeuar7mZnaghGWexXlX89sBaRy1hS9e5wFroVVOEM6bs0DwPQ',
                      client_id: 'kplh54vfeagt6jmi4kddg4xdswwvrw8y',
                      client_secret: 'sOsm9ZZ8L8svwrn9FsdulLQVwDizKueU',
                      &token_refresh_callback)

此外,一旦我的访问令牌过期,此方法是否会撤消令牌? 感谢您的帮助!

2 个答案:

答案 0 :(得分:0)

使用访问和刷新令牌 access_token是发出API请求所需的实际字符串。每个access_token有效期为1个小时。要获取新的有效令牌,可以使用随附的refresh_token。每个refresh_token在60天内有效一次。您可以使用refresh_token获得新的access_token, 我们将重置您的计时器(为期60天),并给您一个新的refresh_token。 这意味着只要您的用户每60天使用您的应用程序一次,他们的登录就会永远有效。

在box_api_controller.rb文件中

def make_request
    #Check access token expire or not.
    check_access_token_expire = check_access_token_expire_dt
  if check_access_token_expire.split("-")[0] == "access_token"
    #Create client by passing Token
    @box_client = Boxr::Client.new(check_access_token_expire.split("-")[1])
    cookies[:token] = check_access_token_expire.split("-")[1]
  else
    if check_access_token_expire.split("-")[0] == "refresh_token"
        #Call method
        create_post_req_url("refresh_token","refresh_token",check_access_token_expire.split("-")[1])
    else
        # kick off authorization flow
        parameters = "response_type=code&client_id=<your client id>&redirect_uri=<your application url>/handle_user_decision/&state=security_token"
        url = "https://account.box.com/api/oauth2/authorize?#{parameters}"
        redirect_to url
    end
end 
end

授权客户端ID后,获取响应代码

def handle_user_decision
  # kick off authorization flow
  #Get authorization code
  code_url = Rack::Utils.parse_query URI(request.original_url).query
  code = code_url["code"] 
  #Call method
  create_post_req_url("authorization_code","code", code) 
end

创建帖子网址

def create_post_req_url(grant_type,header, code)
    #Set oauth2 url
    uri = URI.parse("https://api.box.com//oauth2//token")
    #Passing parameter
    data = "grant_type=#{grant_type}&#{header}=#{code}&client_id=<your client id>&client_secret=<your client secret key>"
    #Set header
    headers = {"Content-Type" => "application/x-www-form-urlencoded"}
    #Get http request
    http = Net::HTTP.new(uri.host,uri.port)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    #Do post the URL
    response = http.post(uri.path,data.to_s,headers)
    #Check response
    if response.code != "200"
        flash[:alert] =":#{response.code}  #{JSON.parse(response.body)}"
    else
        #flash[:alert] ="#{response.body.to_json}"
        parsed = JSON.parse(response.body) # returns a hash
        token = parsed["access_token"]
        cookies[:token] = nil
        cookies[:token] = token      
        if grant_type == "authorization_code"
            #Insert BOX access token details
            user = "<your drive user name>"
            insert_access_token(user, token, parsed["refresh_token"], Time.now)
        else
            if grant_type == "refresh_token"
                #Update BOX access token 
                updt_access_token(user, token, code, parsed["refresh_token"], Time.now)
            end  
        end
        redirect_to box_api_index_path
    end
end

检查访问令牌是否过期

def check_access_token_expire_dt
    @access_token_time = BoxApiAccessToken.getaccesstokentime
    if !@access_token_time.blank?
        @access_token_time.each do |token_details |
            if token_details.access_token_dt != nil
                if token_details.new_access_token_dt.to_datetime.new_offset(Rational(9, 24)).strftime('%Y/%m/%d %H:%M') < Time.now.to_datetime.new_offset(Rational(9, 24)).strftime('%Y/%m/%d %H:%M')
                    check_access_token_expire_dt = "refresh_token-#{token_details.refresh_access_token}"
                    return check_access_token_expire_dt
                else
                    check_access_token_expire_dt = "access_token-#{token_details.access_token}"
                    return check_access_token_expire_dt
                end
            else
                check_access_token_expire_dt = "new_token-req_new_token"
                return check_access_token_expire_dt
            end
        end
    else
        check_access_token_expire_dt = "new_token-req_new_token"
        return check_access_token_expire_dt
    end
end

在模型中

def insert_access_token(user,access_token,refresh_access_token,access_token_dt)
    @box_access_token = BoxApiAccessToken.new(
            :user => user,
            :access_token => access_token,
            :refresh_access_token => refresh_access_token,
            :access_token_dt => access_token_dt)

            #Save User Device Data
            @box_access_token.save
end

#Update access_token,refresh_access_token,access_token_dt details in DB


 def updt_access_token(user,access_token, refresh_access_token,new_refresh_access_token,access_token_dt)
    #@box_access_token_updt = BoxApiAccessToken.find_refresh_access_token(refresh_access_token)
    @box_access_token_updt = BoxApiAccessToken.find_by_refresh_access_token(refresh_access_token)
    attributes = {:access_token => access_token,:access_token_dt => access_token_dt, :refresh_access_token => new_refresh_access_token, :updated_at => access_token_dt}
    #Update the object
    @box_access_token_updt.update_attributes(attributes)
end

在index.html.erb 

<%= form_tag(:controller => "box_api", :action => 'make_request') do |f| %>
<div class="form-group"><%= submit_tag("Box Login", class: "btn btn-primary") %></div><% end %>

答案 1 :(得分:0)

我只想请求访问令牌,然后在其过期后使用刷新令牌刷新并循环。您如何看待我?

相关问题
最新问题