http - Google OAuth2 端点总是说无效的客户端 ID
问题描述
根据他们的文档/指南向 Google OAuth2 API 发出请求时,我不断收到401 Unauthorized
来自https://accounts.google.com/oauth2/v4/token的响应,即使我发誓我提供了所有必填字段:
POST /oauth2/v4/token HTTP/1.1
Host: www.googleapis.com
User-Agent: curl/7.47.0
Accept: */*
Content-Length: 311
Content-Type: application/x-www-form-urlencoded
client_id=REDACTED
&client_secret=REDACTED
&code=REDACTED
&grant_type=authorization_code
&redirect_uri=https%3A%2F%2Flocalhost%2Fsso%3Fredirect%3D%252F
回复:
HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Vary: X-Origin
Vary: Referer
Date: Wed, 03 Jul 2019 16:14:15 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="46,43,39"
Accept-Ranges: none
Vary: Origin,Accept-Encoding
Transfer-Encoding: chunked
{
"error": "invalid_client",
"error_description": "Unauthorized"
}
我已经检查并三重检查了我的 client_id、client_secret、授权主机和 redirect_uri,并查看了堆栈溢出的类似问题,但似乎没有任何工作......为什么这会发生在我身上:(
解决方案
这是因为 Google 的指南/文档在骗你。这不是正确的端点,而不是这样说,它给你的是极其无益的错误信息。希望他们会知道这个 SO 帖子/答案并修复它。要找出用于获取授权令牌的实际URL,您可以单击 console.developers.google.com 上凭据视图页面上的“下载 JSON”按钮,而不仅仅是复制/粘贴 client_id 和 client_secret。然后你会得到如下所示的东西:
{
"web": {
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"client_id": "REDACTED",
"client_secret": "REDACTED",
"javascript_origins": [
"https://localhost"
],
"project_id": "REDACTED",
"redirect_uris": [
"https://localhost/sso?redirect=%2F"
],
"token_uri": "https://oauth2.googleapis.com/token"
}
}
你有它。真正的令牌 URI。