How to prevent any pop up Google OAuth2 (or run in background without prompt) when open new tab

huangapple go评论62阅读模式
英文:

How to prevent any pop up Google OAuth2 (or run in background without prompt) when open new tab

问题

I have a code as below to run google oauth2. It works perfectly but every time I open a new tab, a pop-up will appear for login (however, it will auto-close after a few seconds). Is it possible to make it so that the pop-up will not appear all the time as it is distracting every time I open a new tab?

tokenClient = google.accounts.oauth2.initTokenClient({
   client_id: CLIENT_ID,
   scope: SCOPES,
   prompt: '',
   callback: authorizeCallback
});
tokenClient.requestAccessToken();
英文:

Currently, I have a code as below to run google oauth2. It works perfectly but everytime i open a new tab a pop up will appear for login(however will auto close after few seconds). Is it possible to make it so that pop up will not appear all the time as it is distracting everytime i open a new tab.

tokenClient = google.accounts.oauth2.initTokenClient({
			   client_id: CLIENT_ID,
			   scope: SCOPES,
			   prompt: '',
			   callback: authorizeCallback
		   });
tokenClient.requestAccessToken();

答案1

得分: 1

当您请求访问令牌时,会发生以下事情:

  • 浏览器访问来自google.com的网页。
  • 作为对该网页的HTTP请求的一部分,浏览器发送了在用户登录到Google时设置的google.com会话cookie。
  • (如果用户尚未登录到Google,则加载的网页会要求他们这样做,之后会设置会话cookie,并重复前一步。)
  • Google发布的HTTP响应包含对当前登录用户有效的访问令牌(Google知道这个用户是因为它收到了会话cookie)。
  • 浏览器被重定向到您指定的回调 URL,并将访问令牌注入到该URL中。这允许您的应用程序读取访问令牌。

Google只能在访问其网页时响应发放访问令牌。如果您从_您的_网页向google.com发出请求,会话cookie将不包含在内(这被视为[标签:第三方cookie])。因此,在每次requestAccessToken()时都需要弹出窗口。如果您希望避免在您的应用程序打开的每个新标签页上都出现新的弹出窗口,您必须在您的应用程序的所有标签页之间共享访问令牌。例如,您可以通过将访问令牌写入您的应用程序的cookie中来实现这一点,以便在用户与Google登录_一次_后,它将自动发送到您的应用程序服务器。

要提供更详细的答案,需要共享触发Google OAuth流程的代码。

英文:

When you request an access token, the following things happen:

  • The browser visits a web page from google.com.
  • As part of the HTTP request for that web page, the browser sends the google.com session cookie, which was set when the user logged on to Google.
  • (If the user is not yet logged on to Google, the loaded web page asks them to do so, after which the session cookie is set and the previous step repeated.)
  • The HTTP response issued by Google contains an access token which is valid for the currently logged on user. (Google knows this user because of the session cookie it has received.)
  • The browser is redirected to the callback URL that you specify, and the access token is injected into that URL. This allows your app to read the access token.

Google can issue an access token only in response to a visit to its web page. If you made the request to google.com from your web page, the session cookie would not be included (it counts as [tag:third-party-cookies]). Hence a popup is necessary during every requestAccessToken(). If you want to avoid a new popup for every new tab your app opens, you must share the access token between all tabs of your app. You can achieve this, for example, by writing the access token into a cookie of your app so that it will be sent to your app server automatically after the user has logged in with Google once.

A more detailed answer would require that you share your code which triggers the Google OAuth flow.

huangapple
  • 本文由 发表于 2023年5月13日 11:12:09
  • 转载请务必保留本文链接:https://go.coder-hub.com/76240917.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定