2

我的会话每小时到期一次,并且在使用服务帐户身份验证方法时找不到有关如何刷新令牌的文档。对于已安装的应用程序,我可以RefreshTokenstate对象中获取

AuthorizationState state = new AuthorizationState(new[]
{
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.file",
    "https://www.googleapis.com/auth/drive.metadata.readonly",
    "https://www.googleapis.com/auth/drive.readonly"
})
{
    Callback = new Uri(NativeApplicationClient.OutOfBandCallbackUrl)
}
state = client.ProcessUserAuthorization(GetAuthorizationCode(), state);
Console.WriteLine(state.RefreshToken);

但是如何为服务帐户做到这一点?

X509Certificate2 certificate = new X509Certificate2(SERVICE_ACCOUNT_PKCS12_FILE_PATH, "mysecret", X509KeyStorageFlags.Exportable);

var provider = new AssertionFlowClient(GoogleAuthenticationServer.Description, certificate)
{
    ServiceAccountId = SERVICE_ACCOUNT_EMAIL,
    Scope = DriveService.Scopes.Drive.GetStringValue(),
    ServiceAccountUser = "myemail@mydomain.com",
};

var auth = new OAuth2Authenticator<AssertionFlowClient>(provider, AssertionFlowClient.GetState);
DriveService service = DriveService(auth);

从 Google SDK 源代码中我发现该AssertionFlowClient.GetState函数执行以下操作

    IAuthorizationState state = new AuthorizationState(provider.Scope.Split(' '));

    if (provider.RefreshToken(state, null)) {
        return state;
    } else {
        return null;
    }

所以看起来它确实刷新了令牌。我将此函数调用添加到我的令牌刷新计时器,但它没有帮助。一小时后我仍然继续出现Invalid credentials异常。

4

1 回答 1

0

服务帐户不使用刷新令牌。您只需使用第一次使用的相同过程请求另一个访问令牌。请参阅 Google 的文档,了解访问令牌过期时的操作。

于 2013-08-16T01:29:01.133 回答