Access token immediately invalidated
For a few users (maybe not that few, considering the number of related mails I'm receiving) the access token associated with an OAuth authorization seems to be immediately invalidated. The user is guided through the usual authorization process, he accepts the permissions, he is redirected to the right page which includes the access token, but as soon as my application tries to use the access token to get the user ID, an error is received instead:
{"error":{"message":"Error validating access token: Session has expired at unix time 0. The current unix time is 1323939801.","type":"OAuthException"}}
The offline_access is part of the permissions. Besides, there's no way the cause is the user removing the authorization or changing password since this happens right after having accepted the authorization. In my app flow I already attempt a retry a few times and from the logs I receive I can see the error is always the same: guiding the user through the authorization process again has no use, since the user is redirected again to the page with the access_token in the fragment. Apparently the only way for a user to solve this is to remove the application from the list of authorized applications and do the same thing all over again (unless at the n-th retry it starts working, not all users write back when things start working).
What could be the reason for this?
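An added example, not part of the original post: one way for a client to separate the "expired at unix time 0" response quoted above from an ordinary expiry, so that a retry loop can stop and the case can be logged on its own. The function name `classifyTokenError` and the `kind`/`action` labels are assumptions made for illustration; the second sample body is constructed.

```javascript
// Matches the message format shown in the error quoted in the post.
const EXPIRY_RE = /Session has expired at unix time (\d+)\. The current unix time is (\d+)\./;

// Hypothetical helper: takes the raw response body, returns a classification.
function classifyTokenError(rawBody) {
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch (e) {
    return { kind: 'unparseable', action: 'log_and_fail' };
  }
  const err = parsed && parsed.error;
  if (!err || typeof err.message !== 'string') {
    return { kind: 'not_an_error', action: 'continue' };
  }
  if (err.type !== 'OAuthException') {
    return { kind: 'other_error', action: 'log_and_fail' };
  }
  const m = EXPIRY_RE.exec(err.message);
  if (!m) {
    return { kind: 'oauth_other', action: 'log_and_fail' };
  }
  const expiredAt = Number(m[1]);
  const serverNow = Number(m[2]);
  if (expiredAt === 0) {
    // 0 is not a real expiry timestamp. The post's logs show that repeating
    // the same authorization flow keeps returning this error, so stop retrying.
    return { kind: 'never_valid', expiredAt, serverNow, action: 'stop_retrying' };
  }
  // A real timestamp in the past: an ordinary expired session.
  return { kind: 'expired', expiredAt, serverNow,
           ageSeconds: serverNow - expiredAt, action: 'reauthorize' };
}

// Sample 1 is the body quoted in the post; sample 2 is constructed.
const SAMPLE_ZERO = '{"error":{"message":"Error validating access token: Session has expired at unix time 0. The current unix time is 1323939801.","type":"OAuthException"}}';
const SAMPLE_REAL = '{"error":{"message":"Error validating access token: Session has expired at unix time 1323936000. The current unix time is 1323939801.","type":"OAuthException"}}';

console.log(classifyTokenError(SAMPLE_ZERO));
console.log(classifyTokenError(SAMPLE_REAL));
```

Log the classification and the two timestamps only, never the access token itself.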
Comments (2)
I seem to have run into the same problem, see my question here: The session has been invalidated because the user has changed the password -> EDIT: I don't think this is the same thing any more, I found the root cause for this, see answer for that question.
And another related question here: How can I remove all potentially cached tokens or session IDs on Android?
Any clues yet..?
Offline access is getting deprecated, I wouldn't ask for it anymore. Instead, in iOS SDK, at least, there's a renewal method.