Google OAuth访问令牌
OAuth和Google让我很困惑。 我花了很长时间才得到refresh_token来创建一个新的access_token。 然后找出refresh_token也过期了? 有什么意义!!!
我需要做的就是坚持使用有效的access_token与legato一起使用。
这是我手动输入终端以检索OAUTH代码的内容:
client = OAuth2::Client.new('GA_CLIENT_ID', 'GA_SECRET_KEY', { :authorize_url => 'https://accounts.google.com/o/oauth2/auth', :token_url => 'https://accounts.google.com/o/oauth2/token' }) client.auth_code.authorize_url({ :scope => 'https://www.googleapis.com/auth/analytics.readonly', :redirect_uri => 'http://localhost', :access_type => 'offline', :approval_prompt=> 'force' }) 然后我在我的浏览器中手动输入输出的URL。 我将返回的OAUTH代码导出为env变量并获取访问令牌:
access_token = client.auth_code.get_token(ENV['GA_OAUTH_CODE'], :redirect_uri => 'http://localhost')
然后我可以访问access_token和refresh_token:
begin api_client_obj = OAuth2::Client.new(ENV['GA_CLIENT_ID'], ENV['GA_SECRET_KEY'], {:site => 'https://www.googleapis.com'}) api_access_token_obj = OAuth2::AccessToken.new(api_client_obj, ENV['GA_OAUTH_ACCESS_TOKEN']) self.user = Legato::User.new(api_access_token_obj) self.user.web_properties.first # this tests the access code and throws an exception if invalid rescue Exception => e refresh_token end end def refresh_token refresh_client_obj = OAuth2::Client.new(ENV['GA_CLIENT_ID'], ENV['GA_SECRET_KEY'], { :authorize_url => 'https://accounts.google.com/o/oauth2/auth', :token_url => 'https://accounts.google.com/o/oauth2/token' }) refresh_access_token_obj = OAuth2::AccessToken.new(refresh_client_obj, ENV['GA_OAUTH_ACCESS_TOKEN'], {refresh_token: ENV['GA_OAUTH_REFRESH_TOKEN']}) refresh_access_token_obj.refresh! self.user = Legato::User.new(refresh_access_token_obj) end
一小时后,我的令牌过期,我必须从浏览器再次手动启动该过程! 我怎么能在代码中复制这个?
在这里,你做了一些适合你的东西:)
这是一个简单的实现,专门用于缓解更新令牌的痛苦。
请务必:
- 放入您自己的
APP_ID和APP_SECRET。 - 每次只保存
refresh_token并在使用之前调用refresh_token(),或者每次都使用refresh_token_if_needed(),并重新保存token和expires_at(显然是首选,因为您只需在需要时刷新)。 - 让我知道它是如何成功的。
。
require 'gmail' require 'gmail_xoauth' require 'httparty' class GmailManager APP_ID = "DDDDDDDDDDDD-SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS.apps.googleusercontent.com" APP_SECRET = "SSSSSS-SSSSSSSSSSSSSSSSS" def refresh_token(refresh_token) Rails.logger.info "[GmailManager:refresh_token] refreshing using this refresh_token: #{refresh_token}" # Refresh auth token from google_oauth2 and then requeue the job. options = { body: { client_id: APP_ID, client_secret: APP_SECRET, refresh_token: refresh_token, grant_type: 'refresh_token' }, headers: { 'Content-Type' => 'application/x-www-form-urlencoded' } } response = HTTParty.post('https://accounts.google.com/o/oauth2/token', options) if response.code == 200 token = response.parsed_response['access_token'] expires_in = DateTime.now + response.parsed_response['expires_in'].seconds Rails.logger.info "Success! token: #{token}, expires_in #{expires_in}" return token, expires_in else Rails.logger.error "Unable to refresh google_oauth2 authentication token." Rails.logger.error "Refresh token response body: #{response.body}" end return nil, nil end def refresh_token_if_needed(token, expires_on, refresh_token) if token.nil? or expires_on.nil? or Time.now >= expires_on Rails.logger.info "[GmailManager:refresh_token_if_needed] refreshing using this refresh_token: #{refresh_token}" new_token, new_expires_on = self.refresh_token(refresh_token) if !new_token.nil? and !new_expires_on.nil? return new_token, new_expires_on end else Rails.logger.info "[GmailManager:refresh_token_if_needed] not refreshing. using this token: #{token}" end return token, expires_on end end