api - LinkedIn 的访问 token 更新流程可以在服务器上执行吗？

Question

在 Facebook 的 Graph API 中，一旦我们对用户进行了初始身份验证，我们就可以直接与 API(从服务器)交互以获取长期存在的页面访问 token 。这个长期存在的页面访问 token 永不过期。 ( https://developers.facebook.com/docs/facebook-login/access-tokens/ )

在阅读 LinkedIn 的文档时，似乎不可能获得具有无限期(非过期)访问 token 的访问 token 。它们似乎每 60 天到期一次。但是，这些访问 token 可以在 60 天结束之前刷新。

文档中不完全清楚的是，访问 token 更新是否可以在没有客户端交互的情况下单独在服务器上执行。文档的语言表明需要客户端(浏览器)的交互，但没有明确说明。

所以，我的问题是，是否可以单独使用服务器更新 LinkedIn 访问 token ，而无需客户端(浏览器)的交互？

相关LinkedIn引用资料:https://developer.linkedin.com/documents/handling-errors-invalid-tokens

Answer 1

事实证明，如果linkedin 用户没有登录linkedin，则无法刷新linkedin 的访问 token 。请引用第一条评论here由 LinkedIn 员工撰写，其中明确指出 "this refresh will only work if the user is still logged into LinkedIn (authenticated) and the current access token isn't expired. Otherwise, the user will be presented with the login dialog again."
我想这对于那些以前将linkedin 访问 token 存储到数据库以供以后使用的人来说现在是一个主要问题。

我在这里提到的几个链接是指刷新linkedin oauth2 token 的问题(希望这能让每个遇到相同问题的人都清楚):

1) This refresh will only work if the user is still logged into LinkedIn (authenticated) and thecurrent access token isn't expired. Otherwise, the user will be presented with the logindialog again.

2) There is no way to refresh the token using the old authentication token/secret. Userneeds to log into linkedin in order for you to refresh the tokens. We use this flow as itprotects our members and their data in the best possible manner.

3) Refreshing an access token is very simple and can happen without an authorizationdialog appearing for the user. In other words, it's a seamless process that doesn't affectyour application's user experience. Simply have your application go through theauthorization flow in order to fetch a new access token with an additional 60 day life span. When the following conditions exist:-User is still logged into Linkedin.com-The current access token isn't expired (within the 60 life span)We will automatically redirect the user back to your redirect_uri without requiring them to reauthorize your application. If they don't exist, we'll prompt them to login and then redirectthem.

4) We have also standardized the duration of the authorization tokens. Previously, memberscould choose to grant tokens that were as short as one day or as long as forever. Now alltokens are 60 days in length, with the ability for you to extend them in a series of rolling 60 day increments whenever the member comes back to your application. To prevent a bad user experience in your application, be sure to proactively refresh tokens and elegantly route any expired tokens through a refresh flow.

5) As long as the user is logged into LinkedIn and their current access token hasn't expired, you can fetch an access token with a 60 day lifespan the next time the user comes to your application.