英文:
How to prevent any pop up Google OAuth2 (or run in background without prompt) when open new tab
问题
I have a code as below to run google oauth2. It works perfectly but every time I open a new tab, a pop-up will appear for login (however, it will auto-close after a few seconds). Is it possible to make it so that the pop-up will not appear all the time as it is distracting every time I open a new tab?
tokenClient = google.accounts.oauth2.initTokenClient({
client_id: CLIENT_ID,
scope: SCOPES,
prompt: '',
callback: authorizeCallback
});
tokenClient.requestAccessToken();
英文:
Currently, I have a code as below to run google oauth2. It works perfectly but everytime i open a new tab a pop up will appear for login(however will auto close after few seconds). Is it possible to make it so that pop up will not appear all the time as it is distracting everytime i open a new tab.
tokenClient = google.accounts.oauth2.initTokenClient({
client_id: CLIENT_ID,
scope: SCOPES,
prompt: '',
callback: authorizeCallback
});
tokenClient.requestAccessToken();
答案1
得分: 1
当您请求访问令牌时,会发生以下事情:
- 浏览器访问来自
google.com的网页。 - 作为对该网页的HTTP请求的一部分,浏览器发送了在用户登录到Google时设置的
google.com会话cookie。 - (如果用户尚未登录到Google,则加载的网页会要求他们这样做,之后会设置会话cookie,并重复前一步。)
- Google发布的HTTP响应包含对当前登录用户有效的访问令牌(Google知道这个用户是因为它收到了会话cookie)。
- 浏览器被重定向到您指定的
回调URL,并将访问令牌注入到该URL中。这允许您的应用程序读取访问令牌。
Google只能在访问其网页时响应发放访问令牌。如果您从_您的_网页向google.com发出请求,会话cookie将不包含在内(这被视为[标签:第三方cookie])。因此,在每次requestAccessToken()时都需要弹出窗口。如果您希望避免在您的应用程序打开的每个新标签页上都出现新的弹出窗口,您必须在您的应用程序的所有标签页之间共享访问令牌。例如,您可以通过将访问令牌写入您的应用程序的cookie中来实现这一点,以便在用户与Google登录_一次_后,它将自动发送到您的应用程序服务器。
要提供更详细的答案,需要共享触发Google OAuth流程的代码。
英文:
When you request an access token, the following things happen:
- The browser visits a web page from
google.com. - As part of the HTTP request for that web page, the browser sends the
google.comsession cookie, which was set when the user logged on to Google. - (If the user is not yet logged on to Google, the loaded web page asks them to do so, after which the session cookie is set and the previous step repeated.)
- The HTTP response issued by Google contains an access token which is valid for the currently logged on user. (Google knows this user because of the session cookie it has received.)
- The browser is redirected to the
callbackURL that you specify, and the access token is injected into that URL. This allows your app to read the access token.
Google can issue an access token only in response to a visit to its web page. If you made the request to google.com from your web page, the session cookie would not be included (it counts as [tag:third-party-cookies]). Hence a popup is necessary during every requestAccessToken(). If you want to avoid a new popup for every new tab your app opens, you must share the access token between all tabs of your app. You can achieve this, for example, by writing the access token into a cookie of your app so that it will be sent to your app server automatically after the user has logged in with Google once.
A more detailed answer would require that you share your code which triggers the Google OAuth flow.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论