dongsuiying7773 2016-12-31 13:17
浏览 346

PHP oauth2如何使用refresh_token

I´m a bit puzzled how to use auth_ and refresh_token correctly in php.

I have registered a new client app with the oauth-provider. After that my app sends the client-id and secret to the oauth2-authorization-endpoint which returns following:

    [result] => Array
            [access_token] => qjdcshsmgwcuvi7hzpgxwqapfb8aoab60fmprk1g
            [expires_in] => 86400
            [token_type] => Bearer
            [scope] => basic
            [refresh_token] => whnutk9npmaikcn1bxbovleuqn9ggn9j00jgyiph

    [code] => 200
    [content_type] => application/json

Great, I can now query the API by use of access_token. BUT the access_token will expire in 24h and the whole dance will start again.


  • where do I store the access_token that the whole process does not run on every request? A session will not be persistent, in a conf file, memcache a DB?)
  • How to deal with the refresh token should I save a timestamp in the session and check if a new access_token has to be requested?
  • 写回答

1条回答 默认 最新

  • dongshao1021 2016-12-31 13:52

    If you only use those tokens when your user is online (as in signed in to your application), then I would store it in a session variable. If you'll also use the tokens when the user is not online, it would be recommended to store them in a database. In the first case, you'll receive a refresh token every time the user signs in. In the second case, you'll receive a refresh token only once (i.e. when the user links their 3rd party account to your application).

    To answer your second question, it would be advisable to store the expiry timestamp with the access_token.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?



  • ¥15 按要求对程序的逻辑进行更正
  • ¥50 悬赏帮写C++编程 诚信
  • ¥15 端口连接数为什么会有限制
  • ¥15 安卓数据提交之后格式不对
  • ¥15 需要数据库运行的图片
  • ¥15 如何获取vue-video-editor?
  • ¥100 vs2019 mfc程序如何实现64*64/48*48大小的真彩色工具栏
  • ¥15 全志v3s耳机音频输出口怎么外接功放
  • ¥15 华为ensp使用基本ACL限制公司网络访问
  • ¥15 帮我做下照片上的PLC题