开发者

Does the token generated by Google's AuthSub change when a user logs into your application for the 2nd or 3rd time?

Im trying to build and automated log in using Googles authSub, but I need to store data for the users the log in.

... and basically I don't get it. Should the token from Google change the 2nd time a user logs in, that user looses his / her 开发者_开发百科info and you don't get any info like a userId that you can use to store information against it.

Unless the token does not change and you can store info against that token.

How would you store information (mySQL) for that token if it changes?

See http://code.google.com/apis/accounts/docs/AuthSub.html#WorkingAuthSub point 5


There are two kinds of token; I'm going to assume that you're not talking about the single-use token obtained from a call to AuthSubRequest, but are talking about the long-lived session token obtained from AuthSubSessionToken

The page explicitly says that

Session tokens do not expire.

So no, the token shouldn't become invalid just because a user logs in again.

On the other hand, if you ignore your existing token and request a new one - yes, you'll end up with a different token.

There is one thing (other than your app calling AuthSubRevokeToken, which of course will result in the token being invalidated) that can result in the token becoming invalid: the user can visit the Change authorized websites page and choose to manually invalidate a token. If that happens, all you can do is throw out the old one and request a new token.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜