Can the OAuth 2.0 LinkedIn access token renewal flow be performed on the server?

72qzrwbm posted on 2023-05-28 in Other
Follow (0) | Answers (2) | Views (117)

With Facebook's Graph API, once we have performed the initial authentication of a user, we can interact with the API directly (from the server) to obtain a long-lived page access token. This long-lived page access token never expires. (https://developers.facebook.com/docs/facebook-login/access-tokens/)
Reading LinkedIn's documentation, it appears impossible to obtain an access token with an indefinite (non-expiring) lifetime. They seem to expire every 60 days. However, these access tokens can be refreshed before the 60-day expiry.
What the documentation does not make entirely clear is whether the access token renewal can be performed on the server alone, without client-side interaction. The wording of the documentation suggests that client (browser) interaction is required, but it does not say so explicitly.
So my question is: can a LinkedIn access token be renewed using the server alone, without any interaction with the client (browser)?
Related LinkedIn reference: https://developer.linkedin.com/documents/handling-errors-invalid-tokens

mcdcgff0 (answer #1)

It turns out that a LinkedIn access token cannot be refreshed if the LinkedIn user is not logged in to LinkedIn. Please refer to the first comment by a LinkedIn staff member here, which explicitly states: "this refresh will only work if the user is still logged into LinkedIn (authenticated) and the current access token isn't expired. Otherwise, the user will be presented with the login dialog again."
I think this is now a major problem for those who previously stored LinkedIn access tokens in a database for later use.
I am quoting several links here regarding the problem of refreshing LinkedIn OAuth 2 tokens (hopefully this makes things clear for everyone struggling with the same issue):
1) This refresh will only work if the user is still logged into LinkedIn (authenticated) and the current access token isn't expired. Otherwise, the user will be presented with the login dialog again.
2) There is no way to refresh the token using the old authentication token/secret. User needs to log into linkedin in order for you to refresh the tokens. We use this flow as it protects our members and their data in the best possible manner.
3) Refreshing an access token is very simple and can happen without an authorization dialog appearing for the user. In other words, it's a seamless process that doesn't affect your application's user experience. Simply have your application go through the authorization flow in order to fetch a new access token with an additional 60 day life span. When the following conditions exist:
   - User is still logged into Linkedin.com
   - The current access token isn't expired (within the 60 life span)
   We will automatically redirect the user back to your redirect_uri without requiring them to reauthorize your application. If they don't exist, we'll prompt them to login and then redirect them.
4) We have also standardized the duration of the authorization tokens. Previously, members could choose to grant tokens that were as short as one day or as long as forever. Now all tokens are 60 days in length, with the ability for you to extend them in a series of rolling 60 day increments whenever the member comes back to your application. To prevent a bad user experience in your application, be sure to proactively refresh tokens and elegantly route any expired tokens through a refresh flow.
5) As long as the user is logged into LinkedIn and their current access token hasn't expired, you can fetch an access token with a 60 day lifespan the next time the user comes to your application.
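
As an added illustration (not code from this post, nor LinkedIn's own), here is the server-side handling the quoted docs call for: record when the token was issued, send the user back through the authorization flow before the 60-day expiry, and validate the callback before accepting a new code. The authorization endpoint URL, the 7-day refresh window and the stored record layout are assumptions.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed endpoint (not quoted in the post): LinkedIn's OAuth 2.0 authorization URL.
AUTH_URL = "https://www.linkedin.com/oauth/v2/authorization"
TOKEN_LIFETIME = 60 * 24 * 3600   # 60-day token lifetime, as the quoted docs state
REFRESH_WINDOW = 7 * 24 * 3600    # assumption: re-run the flow when < 7 days remain


def needs_reauth(issued_at, now=None):
    """True when the stored token is expired or inside the proactive refresh window."""
    now = time.time() if now is None else now
    return now >= issued_at + TOKEN_LIFETIME - REFRESH_WINDOW


def build_auth_redirect(client_id, redirect_uri, scope):
    """Build the redirect that sends the browser back through the authorization flow.
    Returns (url, state); the caller stores state in the session and checks it on callback,
    so a forged callback cannot attach someone else's authorization code to this session."""
    state = secrets.token_urlsafe(32)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state, "scope": scope}
    return f"{AUTH_URL}?{urlencode(params)}", state


def handle_callback(callback_url, expected_state):
    """Return the authorization code from the callback URL, or None if the state does not
    match the stored one or the provider reported an error (e.g. the user declined)."""
    qs = parse_qs(urlparse(callback_url).query)
    got_state = qs.get("state", [""])[0]
    if not hmac.compare_digest(got_state.encode(), expected_state.encode()):
        return None
    if "error" in qs:
        return None
    return qs.get("code", [None])[0]


def route_request(record, client_id, redirect_uri, scope, now=None):
    """Serve a request using a stored token record ({'access_token': ..., 'issued_at': epoch}).
    Returns ('token', access_token) while the token is usable, otherwise
    ('redirect', url, state) so the user is sent back through LinkedIn's flow."""
    if not needs_reauth(record["issued_at"], now):
        return ("token", record["access_token"])
    url, state = build_auth_redirect(client_id, redirect_uri, scope)
    return ("redirect", url, state)
```

The code returned by handle_callback is then exchanged at the token endpoint as in the initial login; that exchange is the only part the server can do on its own, which is why a stored token cannot be renewed without the user's browser visiting the flow.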

hec6srdp (answer #2)

I have the same question. LinkedIn's documentation and forum posts are very confusing too, but I am now fairly certain that this cannot be done programmatically without user intervention. The user needs to log in to your application via LinkedIn auth in order to refresh the token.
