Google OAuth2 登录总是询问用户访问权限
Google OAuth2 login asks always for users access permissions
NOTE I found a lot of similar questions on this topic but no one of them was helpful so I decided to ask a question with the code
example.
我正在使用 Electron 桌面应用程序,用户通过 Google auth 使用他们的 google 帐户进行身份验证。
问题是每次注销时都会要求用户允许应用程序的访问权限。
onLogin = async () => {
if (!this.state.config || this.authWindow) return;
try {
const code = await this.openLoginWindow();
const { data } = await this.getAccessToken(code);
this.onGoogleLoginSuccess(data.id_token);
} catch(err) {
log.error(err);
this.onGoogleLoginFailure();
}
}
openLoginWindow = () => {
return new Promise((resolve, reject) => {
const { isDev, ELECTRON_GOOGLE_ID } = this.state.config;
const authWindow = this.authWindow = new electron.remote.BrowserWindow({
width: 500,
height: 600,
show: true,
parent: electron.remote.getCurrentWindow(),
modal: true
})
if (!isDev) {
authWindow.webContents.session.cookies.remove('https://accounts.google.com', 'SID', () => {});
}
const urlParams = {
response_type: 'code',
redirect_uri: GOOGLE_REDIRECT_URI,
client_id: ELECTRON_GOOGLE_ID,
scope: 'profile email',
}
authWindow.webContents.on('will-navigate', (event, url) => {
this.onRedirect(url, authWindow, resolve, reject);
});
authWindow.webContents.on('did-get-redirect-request', (event, oldUrl, newUrl) => {
this.onRedirect(newUrl, authWindow, resolve, reject);
});
authWindow.webContents.on('will-redirect', (event, url) => {
this.onRedirect(url, authWindow, resolve, reject);
});
authWindow.on('close', () => this.authWindow = null);
authWindow.loadURL(`${ GOOGLE_AUTHORIZATION_URL }?${ qs.stringify(urlParams) }`);
});
}
getAccessToken = code => {
return axios.post(GOOGLE_TOKEN_URL, qs.stringify({
code,
client_id: this.state.config.ELECTRON_GOOGLE_ID,
redirect_uri: GOOGLE_REDIRECT_URI,
grant_type: 'authorization_code',
}), {
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
withCredentials: false
})
}
你看到这段代码有什么问题吗?
const urlParams = {
response_type: 'code',
redirect_uri: GOOGLE_REDIRECT_URI,
client_id: ELECTRON_GOOGLE_ID,
scope: 'profile email',
providerParams: {
access_type: 'offline',
prompt: 'select_account'
}
}
你能用这个 urlParams 对象试一次吗?
NOTE I found a lot of similar questions on this topic but no one of them was helpful so I decided to ask a question with the code example.
我正在使用 Electron 桌面应用程序,用户通过 Google auth 使用他们的 google 帐户进行身份验证。
问题是每次注销时都会要求用户允许应用程序的访问权限。
onLogin = async () => {
if (!this.state.config || this.authWindow) return;
try {
const code = await this.openLoginWindow();
const { data } = await this.getAccessToken(code);
this.onGoogleLoginSuccess(data.id_token);
} catch(err) {
log.error(err);
this.onGoogleLoginFailure();
}
}
openLoginWindow = () => {
return new Promise((resolve, reject) => {
const { isDev, ELECTRON_GOOGLE_ID } = this.state.config;
const authWindow = this.authWindow = new electron.remote.BrowserWindow({
width: 500,
height: 600,
show: true,
parent: electron.remote.getCurrentWindow(),
modal: true
})
if (!isDev) {
authWindow.webContents.session.cookies.remove('https://accounts.google.com', 'SID', () => {});
}
const urlParams = {
response_type: 'code',
redirect_uri: GOOGLE_REDIRECT_URI,
client_id: ELECTRON_GOOGLE_ID,
scope: 'profile email',
}
authWindow.webContents.on('will-navigate', (event, url) => {
this.onRedirect(url, authWindow, resolve, reject);
});
authWindow.webContents.on('did-get-redirect-request', (event, oldUrl, newUrl) => {
this.onRedirect(newUrl, authWindow, resolve, reject);
});
authWindow.webContents.on('will-redirect', (event, url) => {
this.onRedirect(url, authWindow, resolve, reject);
});
authWindow.on('close', () => this.authWindow = null);
authWindow.loadURL(`${ GOOGLE_AUTHORIZATION_URL }?${ qs.stringify(urlParams) }`);
});
}
getAccessToken = code => {
return axios.post(GOOGLE_TOKEN_URL, qs.stringify({
code,
client_id: this.state.config.ELECTRON_GOOGLE_ID,
redirect_uri: GOOGLE_REDIRECT_URI,
grant_type: 'authorization_code',
}), {
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
withCredentials: false
})
}
你看到这段代码有什么问题吗?
const urlParams = {
response_type: 'code',
redirect_uri: GOOGLE_REDIRECT_URI,
client_id: ELECTRON_GOOGLE_ID,
scope: 'profile email',
providerParams: {
access_type: 'offline',
prompt: 'select_account'
}
}
你能用这个 urlParams 对象试一次吗?