Meteor账户-谷歌令牌过期

Question

Meteor账户-谷歌令牌过期

4

我已经设置Accounts-UI配置来存储Google离线令牌，如下所示：

if (Meteor.isClient) {
 Accounts.ui.config({
  requestOfflineToken: { google: true },
  forceApprovalPrompt: { google: true },
  requestPermissions: { google: ["https://mail.google.com/"] }
 });
}

然而，令牌似乎会过期。我猜想我需要以某种方式使用refreshToken。但在meteor中，我不确定应该如何操作。如果能得到帮助，将不胜感激。谢谢！

- Cocoa Nub

1个回答

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- saimeunt · Accepted Answer

我建议使用Google API Node JS客户端来刷新您的访问令牌。

它作为服务器端NPM包可用，因此您可能希望使用此软件包，在Meteor应用程序中使用npmRequire。

使用此packages.json配置加载最新的googleapis软件包：

{
  "googleapis": "2.1.5"
}

然后在您的Meteor服务器代码中，您可以像这样刷新访问令牌：

ES2015

（指JavaScript编程语言的一个版本）

const GoogleApis = Meteor.npmRequire('googleapis');

function getAccessToken(user) {
  const googleService = user.services.google;
  // is token still valid for the next minute ?
  if (googleService.expiresAt < Date.now() + 60 * 1000) {
    // then just return the currently stored token
    return {
      access_token: googleService.accessToken,
      token_type: 'Bearer',
      id_token: googleService.idToken,
      expiry_date: googleService.expiresAt,
      refresh_token: googleService.refreshToken,
    };
  }
  // fetch google service configuration
  const googleServiceConfig = Accounts.loginServiceConfiguration.findOne({
    service: 'google',
  });
  // declare an Oauth2 client
  const oauth2Client = new GoogleApis.auth.OAuth2(googleServiceConfig.clientId, googleServiceConfig.secret);
  // set the Oauth2 client credentials from the user refresh token
  oauth2Client.setCredentials({
    refresh_token: user.services.google.refreshToken,
  });
  // declare a synchronous version of the oauth2Client method refreshing access tokens
  const refreshAccessTokenSync = Meteor.wrapAsync(oauth2Client.refreshAccessToken, oauth2Client);
  // refresh tokens
  const tokens = refreshAccessTokenSync();
  // update the user document with the fresh token
  Meteor.users.update(user._id, {
    $set: {
      'services.google.accessToken': tokens.access_token,
      'services.google.idToken': tokens.id_token,
      'services.google.expiresAt': tokens.expiry_date,
      'services.google.refreshToken': tokens.refresh_token,
    },
  });
  //
  return tokens;
}

这里是一个完整的示例，展示如何在使用Google服务之前刷新访问令牌。

function listMeteorChannel() {
  // fetch a user you want to act on behalf who authorized offline access
  const user = Meteor.users.findOne({
    'services.google.refreshToken': {
      $exists: true,
    },
  });
  if (!user) {
    return;
  }
  const googleServiceConfig = Accounts.loginServiceConfiguration.findOne({
    service: 'google',
  });
  // declare oauth2 client and set credentials
  const oauth2Client = new GoogleApis.auth.OAuth2(googleServiceConfig.clientId, googleServiceConfig.secret);
  // get user access token
  const tokens = getAccessToken(user);
  oauth2Client.setCredentials(tokens);
  // obtain the youtube service at version 3 and perform authentication at service level
  const youtube = GoogleApis.youtube({
    version: 'v3',
    auth: oauth2Client,
  });
  // declare a synchronous version of youtube.channels.list
  const youtubeChannelsListSync = Meteor.wrapAsync(youtube.channels.list, youtube.channels);
  // fetch an info snippet from the Meteor official YouTube channel
  const result = youtubeChannelsListSync({
    part: 'snippet',
    // Meteor channel ID
    id: 'UC3fBiJrFFMhKlsWM46AsAYw',
  });
  result.items.forEach((item) => {
    // display the channel title, which should be 'Meteor'
    console.log(item.snippet.title);
  });
}

Meteor.startup(listMeteorChannel);