This article covers how to handle deauthentication via the Dropbox JSON API (webhooks).

Problem description

We're using the Dropbox API in our App but haven't found a way to successfully deauthenticate.

Currently we call the disable_access_token on logout, which works (i.e. subsequent calls using the token fail).

Unfortunately, the next time the OAuth2 login process is initiated the session gets completely revived without asking the user for their credentials, meaning that until the app is uninstalled, only one Dropbox user can be authenticated.

This seems to be a regression issue as everything was working a few weeks ago (that is, the session was not being revived automatically).

Edit

To be clear, I'm looking for a way to deauthenticate the user in such a way that when the OAuth process is run again the user is presented with the login page. This is fairly compulsory behaviour, so I'm hoping somebody has found a way.

Recommended answer

I think the behavior you're objecting to is that the user gets auto-redirected without having to "allow" your app again. This happens if the user has at least one usable access token for your app.

/disable_access_token only disables a single access token, so if the user has others, they'll continue to get immediately redirected.

So you can either be careful to always revoke every token for a user (not always possible, e.g. if they don't use the logout functionality in your app), or you'll have to disable auto-redirection altogether. You can do that by setting the force_reapprove parameter to true when you redirect the user to /oauth2/authorize.

Out of curiosity, why do you need this?
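
The redirect the answer describes, as an added example that is not part of the original question or answer: it builds the `/oauth2/authorize` URL with `force_reapprove=true` and checks the `state` value on the callback so the re-approval flow cannot be driven by a forged redirect. The `www.dropbox.com` host, the `response_type=code` flow, the function names and the placeholder app key and redirect URI are assumptions made for this sketch.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed host for the /oauth2/authorize endpoint named in the answer.
AUTHORIZE_URL = "https://www.dropbox.com/oauth2/authorize"


def build_authorize_url(client_id, redirect_uri, force_reapprove=True):
    """Return (url, state); store state in the user's session before redirecting."""
    state = secrets.token_urlsafe(32)  # unguessable per-login CSRF token
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    if force_reapprove:
        # Disables the auto-redirect that happens while the user still
        # holds at least one usable access token for the app.
        params["force_reapprove"] = "true"
    return AUTHORIZE_URL + "?" + urlencode(params), state


def code_from_callback(callback_url, expected_state):
    """Return the authorization code, or None if the callback must be rejected."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    # Constant-time comparison against the value stored at redirect time.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return None
    if "error" in query:  # e.g. the user declined on the approval page
        return None
    codes = query.get("code", [])
    return codes[0] if len(codes) == 1 else None


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    url, state = build_authorize_url("APP_KEY_PLACEHOLDER", "https://app.example/cb")
    print(url)
```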
