scribe 在oauth 2.0 中不支持refresh_token 对吧?
我发现 scribe 不会提取访问令牌中的 refresh_token 。
OAuth 1.0 提取器包含:
Preconditions.checkEmptyString(response, "Response body is incorrect. Can't extract a token from an empty string");
String token = extract(response, TOKEN_REGEX);
String secret = extract(response, SECRET_REGEX);
return new Token(token, secret, response);
其中包含令牌秘密。
但在OAuth2.0中,没有令牌秘密,而是用refresh_token代替。 Scribe 简单地忽略它:
Preconditions.checkEmptyString(response, "Cannot extract a token from a null or empty String");
Matcher matcher = accessTokenPattern.matcher(response);
if(matcher.find())
{
return new Token(matcher.group(1), "", response);
}
else
{
throw new OAuthException("Cannot extract an acces token. Response was: " + response);
}
这会导致问题。访问令牌将来可能会过期。我必须在每次登录过程中通过保存的刷新令牌来刷新访问令牌,但无法直接获取它。
我计划改进抄写员添加此功能(这并不难)...但是有人已经这样做了吗?
I found that scribe does not extract refresh_token in access token.
The OAuth 1.0 extractor contains:
Preconditions.checkEmptyString(response, "Response body is incorrect. Can't extract a token from an empty string");
String token = extract(response, TOKEN_REGEX);
String secret = extract(response, SECRET_REGEX);
return new Token(token, secret, response);
Which contains token secret.
But in OAuth2.0, there is no token secret, but refresh_token instead. Scribe simply ignores it:
Preconditions.checkEmptyString(response, "Cannot extract a token from a null or empty String");
Matcher matcher = accessTokenPattern.matcher(response);
if(matcher.find())
{
return new Token(matcher.group(1), "", response);
}
else
{
throw new OAuthException("Cannot extract an acces token. Response was: " + response);
}
This causes a problem. The access token may expire in the future. I have to refresh access token by saved refresh token in every login pregress, but there is no way to get it directly.
I planned to improve scribe add this feature (it's not difficult)... but has anyone already done this ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
你说的是真的。 Scribe 不会为您提供访问令牌的
刷新方法。 Scribe 旨在让 OAuth 签名变得简单。 OAuth2.0 非常简单,如果每个人都在使用 OAuth2,那么抄写员可能就没有意义了(它在 1.0a 流程上大放异彩)。无论如何,您可以轻松地执行刷新步骤,如下所示:
希望有帮助!
What you say is true. Scribe doesn't give you a
refreshmethod for your access tokens. Scribe was meant to make OAuth signatures easy. OAuth2.0 is pretty easy and if everybody were doing OAuth2, there would be arguably no purpose for scribe (it shines on 1.0a flows).Anyway, you can easily do the refresh step like this:
Hope that helps!
您可以使用以下代码来做到这一点(以谷歌提供商为例)
You can do that using the following code (google provider as example)