oauth2如何处理刷新令牌

I have been trying to implement my own OAuth2 Provider and I am a little stuck in the refresh_token part. How am I suppose to deal with it?Am I supposed to check for refresh_token in the API or in the client side? If I am a unclear Ill give a scenario:

Suppose I have a function in the API side checkToken which checks if the token is invalid or expired. I pass the invalid test easily. Then I check for the expired part. So the tricky part is here for me. In the function checkToken should I add

if(findRefreshToken($client_id, $user_id)) {
  $this->grantRefreshToken($client_id, $client_secret, $user_id);
} else {
   $this->error(401, 'Token expired');
}

Or should I only have error 401 and the client finds what to do with it?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
duanlei20082008 2013-07-23 06:01
关注
Here is my experience when implementing the oAuth library and api using this library.

If you are implementing it as a library,you need to have checkToken and refreshToken seperately.So the api(depending on the requirement) can decide whether to refresh token or not while checking/verifing the token.

When doing in the api, again it depends on the requirement.if the requirement is that the user session should be active for some time(say 4 hours) from his last access, then it is better to refresh token every time you are checking/validating the token. The same refresh token can be done on the client,but the issue will be that the client has to call refresh token after every api call,which means there will 2 calls for every single api.

Hope this will clarify.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

oauth2如何处理刷新令牌 php
2013-07-23 04:17

回答 1 已采纳 Here is my experience when implementing the oAuth library and api using this library. If you are
无法从google api OAuth2刷新令牌 php
2015-06-08 12:00

回答 1 已采纳 The refresh_token is not returned by default in Google OAuth2. The request for an authorization c
Oauth2客户端+用户访问令牌流 php
2015-05-18 15:07

回答 1 已采纳 A (single) client is either public, i.e. it has no client_secret associated with it, or confidenti
shopify-token:轻松获取Shopify API的OAuth 2.0访问令牌
2021-04-27 20:58

购物令牌该模块可帮助您检索Shopify REST API的访问令牌。它提供了一些方便的方法，可在实现。无需对服务器端体系结构进行任何假设，从而使该模块可以轻松适应任何设置。安装npm install --save shopify-token...
Spotify的OAuth无法使用curl获取刷新令牌 php
2016-01-31 05:44

回答 2 已采纳 The reason I was receiving a bad response is because I needed: curl_setopt($ch, CURLOPT_SSL_VERI
Golang Google云端硬盘Oauth2不返回刷新令牌
2017-03-09 23:58

回答 1 已采纳 The problem was not with the code, and the code works if you've never gone through the authorizati
使用PHP登录OAuth2 javascript php
2016-06-29 10:53

回答 1 已采纳 You should use redirects as you implied with JS frameworks. It works the same with Facebook. The
laravel-oauth2-login:提供中间件来保护需要OAuth2登录的资源
2021-05-07 04:20

刷新过期的令牌（缓存的）资源所有者信息允许与Auth/auth()集成的驱动程序安装使用作曲家： $ composer require kronthto/laravel-oauth2-login 注册服务提供商（启用自动发现）： Kronthto\LaravelOAuth2Login...
Google OAuth2验证服务器流中的访问令牌 php
2016-12-18 20:55

回答 1 已采纳 As a result of authorization success from Google, you should also get refresh_token. If you are no
如何在PHP中检索SAML2令牌以从WSO2 APIM获取OAuth令牌 php
2016-11-21 15:43

回答 2 已采纳 I have succeeded, so here are some indications for others who may have the same issue. I hacked
go-oauth2无法获取令牌：错误的请求
2016-03-15 04:10

回答 1 已采纳 I can solve it by adding one more handler var ( conf *oauth2.Config ) func GoogleCallbackHan
oauth2-server：符合规范，默认情况下安全PHP OAuth 2.0 Server
2021-02-05 20:58

您可以轻松地配置OAuth 2.0服务器以使用访问令牌保护您的API，或者允许客户端请求新的访问令牌并刷新它们。开箱即用，它支持以下赠款：授权码授予隐性补助客户凭证授予资源所有者密码凭据授予刷新补助金 ...
oauth2无法获取令牌：错误的请求
2016-03-08 06:48

回答 1 已采纳 You are trying to access an url parameter (code) which is not defined in your url. r.URL.Query().
base-lumen-oauth2:使用Leagueoauth2-server在Lumen PHP框架中实现OAuth 2服务器
2021-05-09 07:22

使用League / oauth2-server在Lumen PHP框架中实现OAuth 2服务器 Laravel Lumen是一个惊人的快速PHP微框架，用于使用具有表现力的优雅语法构建Web应用程序。该框架的文档可以在上找到。 Lumen PHP Framework版本...
OAuth2 Server php
2016-10-25 22:15

围观岳老师的博客 OAuth2 Server php 转自：http://www.cnblogs.com/rereadyou/p/3448381.html 使用 OAuth2-Server-php 在 Yii 框架上搭建 OAuth2 Server Yii 有很多 extension 可以使用，在查看了 Yii 官网上提供的与 OAuth ...
没有解决我的问题, 去提问

悬赏问题

¥15 安卓adb backup备份应用数据失败
¥15 eclipse运行项目时遇到的问题
¥15 关于#c##的问题：最近需要用CAT工具Trados进行一些开发
¥15 南大pa1 小游戏没有界面，并且报了如下错误，尝试过换显卡驱动，但是好像不行
¥15 没有证书，nginx怎么反向代理到只能接受https的公网网站
¥50 成都蓉城足球俱乐部小程序抢票
¥15 yolov7训练自己的数据集
¥15 esp8266与51单片机连接问题(标签-单片机|关键词-串口)（相关搜索：51单片机|单片机|测试代码）
¥15 电力市场出清matlab yalmip kkt 双层优化问题
¥30 ros小车路径规划实现不了，如何解决？(操作系统-ubuntu)

oauth2如何处理刷新令牌

1条回答 默认 最新

悬赏问题

1条回答默认最新