LinkedIn API OAuth 刷新令牌
LinkedIn API OAuth refresh token
我正在使用 LinkedIn API 从那里提取更新并显示在网站上。在使用 OAuth 时,我将令牌存储在一个文件中,然后再次从那里提取它以防止登录弹出窗口。但是,我不清楚我的令牌过期后将如何刷新。以下是我如何从文件中读取令牌 -
$config = json_decode(file_get_contents(".service.dat"));
if( isset($config->key) && isset($config->secret) ) {
$this->access_token = new OAuthConsumer($config->key, $config->secret);
}
对于身份验证,我有以下内容来获取请求令牌 -
function getRequestToken()
{
$consumer = $this->consumer;
$request = OAuthRequest::from_consumer_and_token($consumer, NULL, "GET", $this->request_token_path);
$request->set_parameter("oauth_callback", $this->oauth_callback);
$request->sign_request($this->signature_method, $consumer, NULL);
$headers = Array();
$url = $request->to_url();
$response = $this->httpRequest($url, $headers, "GET");
parse_str($response, $response_params);
$this->request_token = new OAuthConsumer($response_params['oauth_token'], $response_params['oauth_token_secret'], 1);
}
生成令牌后,我正在生成授权url:
function generateAuthorizeUrl()
{
$consumer = $this->consumer;
$request_token = $this->request_token;
return $this->authorize_path . "?oauth_token=" . $request_token->key;
}
LinkedIn 文档说明了有关刷新令牌的以下内容:
Refreshing an access token is very simple and can happen without an
authorization dialog appearing for the user. In other words, it's a
seamless process that doesn't affect your application's user
experience. Simply have your application go through the authorization
flow in order to fetch a new access token with an additional 60 day
life span.
我不清楚那是什么意思。如果我必须从再次获取请求令牌开始一直重做,那么是否需要我再次发出 http 请求并不得不弹出登录屏幕?我该如何避免呢?将不胜感激。
谢谢。
发现了。授权URL:
https://www.linkedin.com/oauth/v2/authorization
后跟访问令牌 url:
https://www.linkedin.com/oauth/v2/accessToken
是我真正需要做的(传递正确的参数)。
如果您阅读文档
Linkedin 不提供刷新令牌,您需要再次完成工作流程。
这里是简短的解释:
To refresh an Access Token, simply go through the authorization process outlined in this document again to fetch a new token. During the refresh workflow, provided the following conditions are met, the authorization dialog portion of the flow is automatically skipped and the user is redirected back to your callback URL, making acquiring a refreshed access token a seamless behind-the-scenes user experience
还有一个端点可以在令牌过期后刷新令牌,这里是有关方法的文档:https://docs.microsoft.com/en-us/linkedin/shared/authentication/programmatic-refresh-tokens
我正在使用 LinkedIn API 从那里提取更新并显示在网站上。在使用 OAuth 时,我将令牌存储在一个文件中,然后再次从那里提取它以防止登录弹出窗口。但是,我不清楚我的令牌过期后将如何刷新。以下是我如何从文件中读取令牌 -
$config = json_decode(file_get_contents(".service.dat"));
if( isset($config->key) && isset($config->secret) ) {
$this->access_token = new OAuthConsumer($config->key, $config->secret);
}
对于身份验证,我有以下内容来获取请求令牌 -
function getRequestToken()
{
$consumer = $this->consumer;
$request = OAuthRequest::from_consumer_and_token($consumer, NULL, "GET", $this->request_token_path);
$request->set_parameter("oauth_callback", $this->oauth_callback);
$request->sign_request($this->signature_method, $consumer, NULL);
$headers = Array();
$url = $request->to_url();
$response = $this->httpRequest($url, $headers, "GET");
parse_str($response, $response_params);
$this->request_token = new OAuthConsumer($response_params['oauth_token'], $response_params['oauth_token_secret'], 1);
}
生成令牌后,我正在生成授权url:
function generateAuthorizeUrl()
{
$consumer = $this->consumer;
$request_token = $this->request_token;
return $this->authorize_path . "?oauth_token=" . $request_token->key;
}
LinkedIn 文档说明了有关刷新令牌的以下内容:
Refreshing an access token is very simple and can happen without an authorization dialog appearing for the user. In other words, it's a seamless process that doesn't affect your application's user experience. Simply have your application go through the authorization flow in order to fetch a new access token with an additional 60 day life span.
我不清楚那是什么意思。如果我必须从再次获取请求令牌开始一直重做,那么是否需要我再次发出 http 请求并不得不弹出登录屏幕?我该如何避免呢?将不胜感激。
谢谢。
发现了。授权URL:
https://www.linkedin.com/oauth/v2/authorization
后跟访问令牌 url:
https://www.linkedin.com/oauth/v2/accessToken
是我真正需要做的(传递正确的参数)。
如果您阅读文档
Linkedin 不提供刷新令牌,您需要再次完成工作流程。
这里是简短的解释:
To refresh an Access Token, simply go through the authorization process outlined in this document again to fetch a new token. During the refresh workflow, provided the following conditions are met, the authorization dialog portion of the flow is automatically skipped and the user is redirected back to your callback URL, making acquiring a refreshed access token a seamless behind-the-scenes user experience
还有一个端点可以在令牌过期后刷新令牌,这里是有关方法的文档:https://docs.microsoft.com/en-us/linkedin/shared/authentication/programmatic-refresh-tokens