2013-12-10 66 views
5

In Facebook's Graph API, once we have initially authenticated the user, we can interact with the API directly (from the server) to obtain a long-lived page access token. This long-lived page access token never expires. (https://developers.facebook.com/docs/facebook-login/access-tokens/) Can LinkedIn's access-token renewal flow be performed on the server?

Reading LinkedIn's documentation, it seems impossible to obtain an access token with an indefinite (non-expiring) lifetime. They appear to expire every 60 days. However, these access tokens can be refreshed before the 60 days are up.

What is not entirely clear from the documentation is whether the access-token renewal can be performed on the server alone, without any client-side interaction. The wording of the documentation suggests that client (browser) interaction is required, but it does not say so explicitly.

So, my question is: is it possible to renew a LinkedIn access token using the server alone, without client (browser) interaction?

Related LinkedIn reference material: https://developer.linkedin.com/documents/handling-errors-invalid-tokens

Answers

13

It turns out that a LinkedIn access token cannot be refreshed unless the LinkedIn user is logged into LinkedIn. See the first comment from a LinkedIn employee here, which clearly states "this refresh will only work if the user is still logged into LinkedIn (authenticated) and the current access token isn't expired. Otherwise, the user will be presented with the login dialog again."

I guess this is now a major problem for those who previously stored LinkedIn access tokens in a database for later use.

I am quoting here a few excerpts that refer to the problem of refreshing LinkedIn OAuth2 tokens (hopefully this makes it clear for everyone who has been struggling with the same problem):

1) This refresh will only work if the user is still logged into LinkedIn (authenticated) and the current access token isn't expired. Otherwise, the user will be presented with the login dialog again.

2) There is no way to refresh the token using the old authentication token/secret. User needs to log into linkedin in order for you to refresh the tokens. We use this flow as it protects our members and their data in the best possible manner.

3) Refreshing an access token is very simple and can happen without an authorization dialog appearing for the user. In other words, it's a seamless process that doesn't affect your application's user experience. Simply have your application go through the authorization flow in order to fetch a new access token with an additional 60 day life span. When the following conditions exist: -User is still logged into Linkedin.com -The current access token isn't expired (within the 60 life span) We will automatically redirect the user back to your redirect_uri without requiring them to reauthorize your application. If they don't exist, we'll prompt them to login and then redirect them.

4) We have also standardized the duration of the authorization tokens. Previously, members could choose to grant tokens that were as short as one day or as long as forever. Now all tokens are 60 days in length, with the ability for you to extend them in a series of rolling 60 day increments whenever the member comes back to your application. To prevent a bad user experience in your application, be sure to proactively refresh tokens and elegantly route any expired tokens through a refresh flow.

5) As long as the user is logged into LinkedIn and their current access token hasn't expired, you can fetch an access token with a 60 day lifespan the next time the user comes to your application.

+0

Thanks for your answer! You'll notice that the statements you found are still somewhat ambiguous - for example, they could be interpreted as meaning that as long as the user *still has an active session*, your backend code could independently connect and refresh the token without the client's cookies, etc. For what it's worth, I've concluded that the client *must* be part of the token renewal process. In fact, unfortunately, I'd be very surprised if that were not the case. – rinogo

+1

@rinogo, yes, you're right. The user has to be part of the token renewal process, so it can't be done from the server side alone. – Sangram

+1

Most of the links are dead –
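The quotes above leave the server with only one job: track when each stored token expires and route the user through the authorization flow in time, since the token itself cannot be renewed without a browser round trip. The following is an added example (not code from the original post or from LinkedIn) of that bookkeeping. The 60-day lifetime comes from the answer; the seven-day refresh window, the authorization endpoint constant and the scope name are assumptions that should be checked against LinkedIn's current documentation.

```python
# Added example (not from the original post or from LinkedIn): server-side
# bookkeeping for a stored LinkedIn OAuth2 access token. It encodes the rule
# the answer above arrives at: the token lives 60 days and can only be renewed
# by routing the user back through the authorization flow, so the server can
# decide *when* that has to happen but cannot renew the token by itself.
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

TOKEN_LIFETIME = timedelta(days=60)   # lifetime stated in the answer above
REFRESH_WINDOW = timedelta(days=7)    # assumed policy: renew during the last week

# Assumed placeholder; take the real endpoint from LinkedIn's current docs.
AUTHORIZATION_ENDPOINT = "https://www.linkedin.com/oauth/v2/authorization"
SCOPE = "r_basicprofile"  # scope name of the era; verify against current docs


@dataclass(frozen=True)
class StoredToken:
    access_token: str
    issued_at: datetime   # UTC timestamp of when the server received the token

    @property
    def expires_at(self) -> datetime:
        return self.issued_at + TOKEN_LIFETIME


def sample_token() -> StoredToken:
    """Constructed sample: a token issued on 2013-12-01 (around the thread's date)."""
    return StoredToken("constructed-token-value",
                       datetime(2013, 12, 1, tzinfo=timezone.utc))


def days_after(token: StoredToken, days: int) -> datetime:
    """Helper for simulating 'now' relative to the token's issue time."""
    return token.issued_at + timedelta(days=days)


def token_status(token: StoredToken, now: datetime) -> str:
    """Classify a stored token as 'valid', 'refresh_soon' or 'expired'."""
    if now >= token.expires_at:
        return "expired"
    if token.expires_at - now <= REFRESH_WINDOW:
        return "refresh_soon"
    return "valid"


def new_state() -> str:
    """Unguessable per-request value kept in the user's session; the provider
    echoes it back so the callback can reject a spliced-in authorization code."""
    return secrets.token_urlsafe(32)


def build_authorization_url(client_id: str, redirect_uri: str,
                            state: str, scope: str) -> str:
    """URL the user's browser must be sent to. Renewal needs this round trip:
    if the user is still logged into LinkedIn and the token is unexpired the
    provider redirects straight back, otherwise it shows the login dialog."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "scope": scope,
    }
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(params)}"


def plan_request(token: StoredToken, now: datetime, client_id: str,
                 redirect_uri: str, scope: str, state: str):
    """On a user visit, decide between using the stored token and redirecting
    the user through the authorization flow. Returns (action, url)."""
    if token_status(token, now) == "valid":
        return ("use_token", None)
    # 'refresh_soon' and 'expired' both need the user's browser; the only
    # difference is whether LinkedIn will show a login dialog.
    return ("redirect", build_authorization_url(client_id, redirect_uri,
                                                state, scope))


def callback_state_ok(returned_state: str, session_state: str) -> bool:
    """Constant-time comparison of the state parameter on the redirect back."""
    return secrets.compare_digest(returned_state, session_state)


if __name__ == "__main__":
    tok = sample_token()
    for d in (10, 55, 61):
        print(d, "days after issue:", token_status(tok, days_after(tok, d)))
    st = new_state()
    print(plan_request(tok, days_after(tok, 55), "CLIENT_ID_PLACEHOLDER",
                       "https://app.example/callback", SCOPE, st))
```

The point of the `refresh_soon` state is the advice in quote 4: a token that is allowed to reach day 60 forces a login dialog on the user, whereas a token renewed while the user is still logged in and the token still valid produces only a silent redirect, so the server should start the round trip before expiry rather than after it.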

2

I had the same problem, and the LinkedIn documentation and forum posts are confusing, but I can now say for certain that it is not possible to do this programmatically without user intervention (i.e. the user needs to log into your application via LinkedIn authentication in order for the token to be refreshed).

+1

That's what I was afraid of... Have you implemented anything that helps make this re-authentication process smoother / less inconvenient for the user? I'd love to hear more about your workflow! – rinogo

+1

Even I was looking for the same thing, but I think there is no way to refresh the OAuth2 LinkedIn token without the user's intervention. I came to know that Facebook tokens can be refreshed this way, but unfortunately it seems this can't be done with LinkedIn. – Sangram