问题
I'm developing application where I need to perform server side requests to google API on user behalf.
In basic terms my application does this: Using gapi javascript library requests authentication and gets access_token the problem with that token that its short lived and there is no way I can extend it as far as I can tell using javascript google apis. Now my question is having that short lived token how can I use server side SDK (in my case c#) or direct WebClient connection to request a long lived (refresh_token)?
When client side authentication is done I have this data:
function handleAuthResult(authResult) {
if (authResult && !authResult.error) {
//Authentication successful
//authResults.access_token - has a valid token that expires in 60 minutes
//Say token set to this:ya29.AHES6ZRadMF0y*********c8GOC8KYZFkc6q1fCeT_Q
//Now I can send it using ajax to the server handler to try to extend
} else {
$("#google-cal-authorize-button").button("enable");
}
}
So once token is available I'm trying to extend it on the server, and it fails I must be doing something wrong Following example from https://developers.google.com/accounts/docs/OAuth2WebServer#offline Using WebClient
WebClient wc_ = new WebClient();
NameValueCollection prms = new NameValueCollection();
prms["client_id"] = "91884************n4v.apps.googleusercontent.com";
prms["client_secret"] = "cANBL0*********lMK4";
prms["refresh_token"] = "ya29.AHES6ZRadMF0y*********c8GOC8KYZFkc6q1fCeT_Q";
prms["grant_type"] = "refresh_token";
wc_.UploadValuesCompleted += (object sender, UploadValuesCompletedEventArgs e) =>
{
};
wc_.Headers.Add("Content-type", "application/x-www-form-urlencoded");
byte[] response = wc_.UploadValues(new Uri("https://accounts.google.com/o/oauth2/token"), "POST", prms);
Also I have access to Google.Apis Beta v1.5 http://www.nuget.org/packages/Google.Apis/1.5.0-beta on the server side but can't find a sample on how I can use those 2 libs in conjunction.
So if someone can provide a sample on how to extend client generated short lived access_token on the server would be great. If that's possible.
回答1:
You can't "extend client generated short lived access_token". That's not how oauth works.
You have two approaches you can take:-
- You can get a new access token using Javascript every hour. Provided you don't force a prompt, this will be invisible to the user. If you want to pass your access token to a server app for it to use, go ahead. See https://developers.google.com/accounts/docs/OAuth2UserAgent
- If you really want a refresh token, you need to explicitly request that when you request authorisation (type=offline). This can only be done on the server. Your server can then pass access tokens to the javascript client, or your client can happily continue requesting its own access tokens. See https://developers.google.com/accounts/docs/OAuth2WebServer
来源:https://stackoverflow.com/questions/19825696/google-oauth-getting-refresh-token-using-javascript-generated-oauth-access-token