问题描述

在请求OAuth凭据时，我可以将access_type指定为脱机"或在线".

When requesting OAuth credentials, I can specify the access_type to be Offline or Online.

选择在线访问"类型会强制用户在每次登录时批准对我的应用程序的访问.这是为什么?用户是否尚未批准我的应用?

Opting for the Online access type forces the users to approve access to my app each time they login. Why is that? Hasn't the user already approved my app?

更新#1:

我已将我的roval_prompt设置为自动".
如果我只是注销而不删除任何cookie的Google，它不会再提示我.但是删除Cookie会返回授权屏幕.

I have my approval_prompt set to 'auto'.
If I just log out of Google without deleting any cookies, it doesn't prompt me again. But deleting the cookies brings back the grant screen.

更新#2:

它可以在OAuth Playground上正常运行. http://code.google.com/oauthplayground/

It works fine through the OAuth Playground. http://code.google.com/oauthplayground/

将OAuth 2.0用于Web服务器应用程序 https://developers.google.com/accounts/docs/OAuth2WebServer

Using OAuth 2.0 for Web Server Applicationshttps://developers.google.com/accounts/docs/OAuth2WebServer

更新#3:相关代码段

用于生成OAuth URL的Helper方法

Helper method to generate OAuth URL

def build_auth_uri
    return @client.authorization.authorization_uri(
     :access_type => :online,
     :approval_prompt => :auto
    ).to_s 
end

在视图中调用Helper方法

Calling the Helper method in the View

<a href="<%= build_auth_uri %>">  Connect Me! </a>

网页上生成的OAuth URL

Generated OAuth URL on the webpage

https://accounts.google.com/o/oauth2/auth?access_type=online&approval_prompt=auto&redirect_uri=http://localhost:3000/gclient/gcallback&response_type=code

推荐答案

在这些流中还有另一个参数起作用，我怀疑您正在遇到它.这是approval_prompt参数.

There is one other parameter that comes into play in these flows and I suspect you're running into it. It's the approval_prompt parameter.

当access_type=online时，还可以为approval_prompt指定一个值.如果将其设置为approval_prompt=force，则即使已授予用户权限，也会始终提示您.

When access_type=online you are also allowed to specify a value for approval_prompt. If it is set to approval_prompt=force, your user will always be prompted, even if they have already granted.

另一方面，当access_type=offline时，approval_prompt只能设置为approval_prompt=force，但是为了弥补此限制，您还提供了refresh_token，可用于刷新访问令牌.

On the other hand, when access_type=offline, approval_prompt can only be set to approval_prompt=force, but to make up for this restriction you're also provided a refresh_token which you can use to refresh your access token.

检查您的access_type=online正在打开的URL.尝试设置approval_prompt=auto.授权屏幕仅应在第一次出现.

Check the URL that your access_type=online is opening. Try setting approval_prompt=auto. The grant screen should only appear the first time.

这篇关于什么时候access_type = Online适用? :OAuth2-Google API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！