cer*_*ina 15 ruby-on-rails access-token oauth-2.0 omniauth google-api-client
在我的机器上遇到一些SSL问题之后,我仍然试图通过Google Ruby Client API访问用户的Blogger帐户.我正在使用以下内容:
我可以在身份验证时通过Google API成功验证用户身份并访问他们的博客.当用户登录时,我会存储access_token并refresh_token从Google收到.一切都很好,直到access_token过期.我正在尝试构建交换refresh_token新功能的功能access_token,但不断遇到问题.以客户端文档为例,这是我正在使用的代码:
client = Google::APIClient.new
token_pair = auth.oauth_token # access_token and refresh_token received during authentication
# Load the access token if it's available
if token_pair
client.authorization.update_token!(token_pair.to_hash)
end
# Update access token if expired
if client.authorization.refresh_token && client.authorization.expired?
client.authorization.fetch_access_token!
end
blogger = client.discovered_api('blogger', 'v3')
result = client.execute(
api_method: blogger.blogs.list_by_user,
parameters: {'userId' => "self", 'fields' => 'items(description,id,name,url)'},
headers: {'Content-Type' => 'application/json'})
此代码在access_token有效时完美运行.一旦它到期,我就会看到两个问题:
expires_at了数据库中的值),但是client.authorization.expired?返回false- 除了使用数据库中的值之外,还有不同的方法可以检查令牌的过期吗?client.authorization.fetch_access_token!我得到一个invalid_request错误.有人可以让我知道如何使用客户端API 交换refresh_token新access_token的?即使你知道如何用另一种语言来做,这将是一个很大的帮助,因为我可以尝试Rubyfy它.谢谢!!
小智 26
您可能已经发现了这一点,但您可以在google上阅读整个过程:https://developers.google.com/accounts/docs/OAuth2WebServer
omniauth-google-oauth2策略已经负责设置access_type和approval_prompt,因此获取刷新令牌只需通过grant_type = request_token 发布到https://accounts.google.com/o/oauth2/token
这大致是我使用的代码:
def refresh_token
data = {
:client_id => GOOGLE_KEY,
:client_secret => GOOGLE_SECRET,
:refresh_token => REFRESH_TOKEN,
:grant_type => "refresh_token"
}
@response = ActiveSupport::JSON.decode(RestClient.post "https://accounts.google.com/o/oauth2/token", data)
if @response["access_token"].present?
# Save your token
else
# No Token
end
rescue RestClient::BadRequest => e
# Bad request
rescue
# Something else bad happened
end
Anj*_*jan 16
由于您使用的是Ruby Google API客户端,为什么不使用它来交换刷新令牌呢?Ruby API在内部做了几乎相同的事情,@ brimil01在他的回答中说过.
这就是我使用Ruby API交换刷新令牌以获取新访问令牌的方法.
def self.exchange_refresh_token( refresh_token )
client = Google::APIClient.new
client.authorization.client_id = CLIENT_ID
client.authorization.client_secret = CLIENT_SECRET
client.authorization.grant_type = 'refresh_token'
client.authorization.refresh_token = refresh_token
client.authorization.fetch_access_token!
client.authorization
end
根据此问题,建议不要使用该expired?方法来检查访问令牌是否已过期.
基本上,不要拨打过期?方法.基本上没有场景,这是一个好主意.它根本不会给你可靠的到期信息.它更多的是提示而不是真正的到期时间戳,并且令牌服务器可能决定在某些理论上但重要的情况下尊重过期的令牌.如果确实收到无效授权错误,请始终刷新访问令牌并重试一次.如果仍然出现错误,请提出错误.
这就是我的工作.
# Retrieved stored credentials for the provided user email address.
#
# @param [String] email_address
# User's email address.
# @return [Signet::OAuth2::Client]
# Stored OAuth 2.0 credentials if found, nil otherwise.
def self.get_stored_credentials(email_address)
hash = Thread.current['google_access_token']
return nil if hash.blank?
hash[email_address]
end
##
# Store OAuth 2.0 credentials in the application's database.
#
# @param [String] user_id
# User's ID.
# @param [Signet::OAuth2::Client] credentials
# OAuth 2.0 credentials to store.
def self.store_credentials(email_address, credentials)
Thread.current['google_access_token'] ||= {}
Thread.current['google_access_token'][email_address] = credentials
end
def self.credentials_expired?( credentials )
client = Google::APIClient.new
client.authorization = credentials
oauth2 = client.discovered_api('oauth2', 'v2')
result = client.execute!(:api_method => oauth2.userinfo.get)
(result.status != 200)
end
# @return [Signet::OAuth2::Client]
# OAuth 2.0 credentials containing an access and refresh token.
def self.get_credentials
email_address = ''
# Check if a valid access_token is already available.
credentials = get_stored_credentials( email_address )
# If not available, exchange the refresh_token to obtain a new access_token.
if credentials.blank?
credentials = exchange_refresh_token(REFRESH_TOKEN)
store_credentials(email_address, credentials)
else
are_credentials_expired = credentials_expired?(credentials)
if are_credentials_expired
credentials = exchange_refresh_token(REFRESH_TOKEN)
store_credentials(email_address, credentials)
end
end
credentials
end
| 归档时间: |
|
| 查看次数: |
7802 次 |
| 最近记录: |