5

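I have read the documentation, examples, and tutorials on how to use the Google API, and I have a mini-app running that displays your latest activity and information, but I am using the session to store the token.

My question is, how do I store and retrieve the token from a database so that when a (registered) user clicks "Login", they can use the API right away without repeating the authorization? Note that I used the sample as the starting point for my mini-app.

Here is a code snippet: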

$client = new apiClient();
$client->setApplicationName(APP_NAME);
$client->setClientId(CLIENT_ID);
$client->setClientSecret(CLIENT_SECRET);
$client->setRedirectUri(REDIRECT_URL);
$client->setDeveloperKey(DEV_KEY);

$plus = new apiPlusService($client);
$google_userinfo = new apiOauth2Service($client);

$message = "";

// In a real application this would be stored in a database, and not in the session!
if (isset($_SESSION['token']))
  $client->setAccessToken($_SESSION['token']);

$_SESSION['token'] = $client->getAccessToken();

if (isset($_GET['code'])) {
  $client->authenticate();
  // In a real application this would be stored in a database, and not in the session!
  $_SESSION['token'] = $client->getAccessToken();
  header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
  exit; // stop here so nothing else runs after the redirect
}
...
 //Somewhere here, I added a function that ties $_SESSION['token'] to the user's info.
...
<form action="" method="post" id="form1" name="form1">
   <fieldset>
      <div id="main-url-section" style="width: 50%;margin: 0px auto;text-align: center;">
         <?php
            $authUrl = $client->createAuthUrl();
            print "<p><a class='login' href='$authUrl'>Log me in!</a></p>";
         ?>                                 
      </div>
    </fieldset>
</form>

Thanks a lot for your help!

Regards,

John

4

2 Answers

9

If you'd like Google to skip the authorization prompt for people who have already authorized your application, add this code in your configuration block at the top:

$client->setAccessType("online");
$client->setApprovalPrompt("auto");

There's one catch with this solution: you will not receive a refresh token when you complete your OAuth dance. This means that your users will be redirected to Google's authentication service every time their access token expires in order to fetch a new one. This will happen roughly every hour.

Background Info

By default the PHP client library is configured to provide offline access. You can see this in the source code. When this mode is enabled the OAuth flow will yield a refresh token that can be used to request new access tokens as needed. You may not even notice this happening. The PHP client library takes care of most of this for you.

This refresh token comes at a cost, though. You are responsible for storing it. If you lose it, your user must re-authorize your application for you to be issued another one. The way you store it depends a lot on the details of your implementation. Session data is a reasonable way to do this if you can make it durable enough.

Answered 2012-04-12T01:41:18.990
1

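This is an old question, but in my opinion the answer is not complete.

The accepted answer works in such a way that the user does go through Google's authentication server, they just don't see the authentication screen. The question was about storing the token and using it again without sending the user to Google's servers.

So if that is what you want to do (and it also allows you to access the user's data even when they are not currently using your app), all you need to do is request an access token that includes a refresh token.

You do that by using the offline access type (which, by the way, is no longer the default), for example in PHP: $client->setAccessType("offline");

Keep in mind that the access token you receive will include the refresh token only on the user's first, initial authorization, so that is what you need to store.

Then you can just use that access token with the client; even if it has expired, the client will take care of refreshing it and getting a new one.

Hope that helps, Amos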

Answered 2015-09-26T16:48:46.047
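
One way to do what the question asks and the second answer describes, as an added example that is not from the original posts or from Google's client library: the token JSON returned by getAccessToken() is encrypted and stored per user, and a stored refresh token is kept when a later token arrives without one. The oauth_tokens table, the function names and the key handling are assumptions; it needs the PDO SQLite driver and the sodium extension.

```php
<?php
// Added example; names are assumptions. $key: 32 random bytes kept outside the database.

function initTokenStore(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS oauth_tokens (user_id INTEGER PRIMARY KEY, sealed TEXT NOT NULL)');
}

function loadToken(PDO $db, int $userId, string $key): ?string {
    $st = $db->prepare('SELECT sealed FROM oauth_tokens WHERE user_id = ?');
    $st->execute([$userId]);
    $sealed = $st->fetchColumn();
    if ($sealed === false) {
        return null;                            // user has never authorized
    }
    $raw = base64_decode($sealed, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        return null;                            // corrupted row
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $json = sodium_crypto_secretbox_open(
        substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    return $json === false ? null : $json;      // false: tampered data or wrong key
}

function saveToken(PDO $db, int $userId, string $tokenJson, string $key): void {
    $new = json_decode($tokenJson, true);
    if (!is_array($new)) {
        throw new InvalidArgumentException('token is not a JSON object');
    }
    // Only the first authorization carries refresh_token: keep the stored one
    // when a later token omits it.
    $old = json_decode(loadToken($db, $userId, $key) ?? 'null', true);
    if (empty($new['refresh_token']) && !empty($old['refresh_token'])) {
        $new['refresh_token'] = $old['refresh_token'];
    }
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $sealed = base64_encode($nonce . sodium_crypto_secretbox(json_encode($new), $nonce, $key));
    $db->prepare('REPLACE INTO oauth_tokens (user_id, sealed) VALUES (?, ?)')
       ->execute([$userId, $sealed]);
}

// Constructed demo: in-memory SQLite, made-up token values.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
initTokenStore($db);
$key = sodium_crypto_secretbox_keygen();
saveToken($db, 42, '{"access_token":"at-1","refresh_token":"rt-1","expires_in":3600}', $key);
saveToken($db, 42, '{"access_token":"at-2","expires_in":3600}', $key); // no refresh_token
echo loadToken($db, 42, $key), "\n"; // pass this JSON to $client->setAccessToken()
```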