1. 首頁
  2. 問答
  3. 什麼時候證書對象失效?

什麼時候證書對象失效?

2016-11-14 138 views
0

我正在玩基於https://developers.google.com/drive/v3/web/quickstart/python的Python腳本,它工作正常。我可以將簡單文本文件上傳到我的雲端硬盤帳戶。什麼時候證書對象失效?

該網頁上的代碼如下:

# If modifying these scopes, delete your previously saved credentials 
# at ~/.credentials/drive-python-quickstart.json 
SCOPES = 'https://www.googleapis.com/auth/drive.metadata.readonly' 
CLIENT_SECRET_FILE = 'client_secret.json' 
APPLICATION_NAME = 'Drive API Python Quickstart' 


def get_credentials(): 
    """Gets valid user credentials from storage. 

    If nothing has been stored, or if the stored credentials are invalid, 
    the OAuth2 flow is completed to obtain the new credentials. 

    Returns: 
     Credentials, the obtained credential. 
    """ 
    home_dir = os.path.expanduser('~') 
    credential_dir = os.path.join(home_dir, '.credentials') 
    if not os.path.exists(credential_dir): 
     os.makedirs(credential_dir) 
    credential_path = os.path.join(credential_dir, 
            'drive-python-quickstart.json') 

    store = Storage(credential_path) 
    credentials = store.get() 
    if not credentials or credentials.invalid: 
     flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES) 
     flow.user_agent = APPLICATION_NAME 
     if flags: 
      credentials = tools.run_flow(flow, store, flags) 
     else: # Needed only for compatibility with Python 2.6 
      credentials = tools.run(flow, store) 
     print('Storing credentials to ' + credential_path) 
    return credentials

假設腳本執行一次,導致「驅動的Python-quickstart.json」文件被保存像這樣的東西(X的取代敏感當然信息):

{"_module": "oauth2client.client", 
"scopes": ["https://www.googleapis.com/auth/drive.file"], 
"token_expiry": "2016-11-13T07:15:15Z", 
"id_token": null, 
"access_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 
"token_uri": "https://accounts.google.com/o/oauth2/token", 
"invalid": false, 
"token_response": {"access_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 
        "token_type": "Bearer", 
        "expires_in": 3600, 
        "refresh_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"}, 
"client_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.apps.googleusercontent.com", 
"token_info_uri": "https://www.googleapis.com/oauth2/v3/tokeninfo", 
"client_secret": "XXXXXXXXXXXXXXXXXXXXXXXX", 
"revoke_uri": "https://accounts.google.com/o/oauth2/revoke", 
"_class": "OAuth2Credentials", 
"refresh_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 
"user_agent": null}

讓我們假設「驅動的Python-quickstart.json」文件總是現有的和可讀可寫。假設一段時間過去了,腳本在該JSON值中的「token_expiry」鍵所給的時間之後的某個時間再次執行。預計是否有東西檢測到Credentials對象上的時間已過期,從而強制憑據對象切換到無效狀態,這意味着credentials.invalid會變爲True?或者,是否存在「refresh_token」字段意味着API中的某些內容會自動更新「drive-python-quickstart.json」文件,使得credentials.invalid始終返回True?

來源

2016-11-14 bgoodr

回答

1

只要您的刷新令牌良好,Google python客戶端庫將根據需要刷新訪問令牌。清楚的是,客戶端庫用於訪問API。 API無法控制您的身份驗證。它希望你,或者說客戶端庫,將它需要的信息發送給它,以使其工作。

重要提示:未使用六個月的刷新令牌也將過期,因此我建議您至少每六個月運行腳本一次。

來源

2016-11-14 07:27:36 DaImTo

+0

由此我得出結論:只要我經常執行腳本,令牌就會繼續刷新,從而永遠不會「過期」,因此,上述Python腳本中的credentials.invalid不會成爲'返回FALSE。那是對的嗎? – bgoodr

+1

用戶也可以通過Google帳戶刪除您的訪問權限。我不是一個Python開發人員。但假設您的代碼將用戶身份驗證憑據存儲在某個位置,並且它包含一個刷新令牌。然後,當您重新加載腳本時,您正在提供您的存儲憑據。只要刷新令牌很好,它將繼續工作,無需您或用戶的任何干預。 – DaImTo

相關問題

 相關問題