背景
我在我的Rails应用程序中使用一个Omniauth-oauth2子类策略。当需要刷新access_token时,我发现需要创建OAuth2::AccessToken
。但是要创建它,似乎需要OAuth2::Client
,我认为可以从“Omniauth-oauth2子类策略”中获取。
我找到了这个解决方案:在Rails应用程序中使用Omniauth-oauth2刷新令牌,这是他们解决获取策略的方法。
# the initial param:nil is meant to be a rack object, but since
# we don't use it here, we give it a nil
strategy = OmniAuth::Strategies::YOUR_PROVIDER.new nil, client_id, client_secret
client = strategy.client
your_expired_at_from_your_provider = Time.now.to_i
hash = {
access_token: "your access_token from your provider",
refresh_token: "your refresh_token from your provider",
expires_at: your_expired_at_from_your_provider,
}
access_token_object = OAuth2::AccessToken.from_hash(client, hash)
access_token_object.refresh!
https://github.com/omniauth/omniauth/blob/v1.6.1/lib/omniauth/strategy.rb#L132 https://github.com/intridea/omniauth-oauth2/blob/v1.4.0/lib/omniauth/strategies/oauth2.rb#L35 https://github.com/intridea/oauth2/blob/master/lib/oauth2/access_token.rb#L12 https://github.com/intridea/oauth2/blob/v1.4.0/lib/oauth2/access_token.rb#L82
问题
我不理解的是,通过给第一个参数传递nil
来创建策略似乎有点hacky。
"omniauth-oauth2子类策略"在rack中(如下图所示),因此我认为有一种方法可以从rack中间件访问策略,但我不确定。
问题
创建类似上述的策略是刷新令牌的唯一方法吗?
strategy -> client -> access_token_object -> refresh!