[英]getting Google oauth authorization token from Android- return with invalid_scope/ Unknown error
I try to use Google oauth to authenticate users on my android app.我尝试使用 Google oauth 在我的 android 应用上对用户进行身份验证。 Then I would like to send it to my app server so it can connect at any time with Google calendar.
然后我想将它发送到我的应用服务器,以便它可以随时与谷歌日历连接。
I tried to use GoogleAuthUtil.getToken(getApplicationContext(), mAccountName, mScope);
我尝试使用
GoogleAuthUtil.getToken(getApplicationContext(), mAccountName, mScope);
Following this article: https://developers.google.com/accounts/docs/CrossClientAuth在这篇文章之后: https ://developers.google.com/accounts/docs/CrossClientAuth
When I use it with scope mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
当我使用范围
mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I get a token, which is valid for an hour我得到一个令牌,有效期为一小时
But when I try to get an authorization code (so I can get a refresh token that is valid for longer time, using mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
但是当我尝试获取授权码时(因此我可以获得一个有效期更长的刷新令牌,使用
mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I receive either "invalid_scope" or "Unknown" exceptions.我收到“invalid_scope”或“未知”异常。
What am I doing wrong?我究竟做错了什么?
EDIT: OK, After creating a new app on google API console and adding plus.login to the scope I get a code, but for some reason my server can't resolve this token.编辑:好的,在 google API 控制台上创建一个新应用程序并将 plus.login 添加到范围后,我得到一个代码,但由于某种原因,我的服务器无法解析此令牌。 When tying to resolve server gets an error about the redirection URL.
绑定以解析服务器时,会收到有关重定向 URL 的错误。 BTW, When I do the web flow with same parameters it works.
顺便说一句,当我使用相同的参数执行 Web 流程时,它可以工作。
OK, found the solution, I expected Google to have a lot better documentation about working with Google Oauth and Android. 好的,找到了解决方案,我希望Google能够提供更好的关于使用Google Oauth和Android的文档。 A few things you have to know to work with Android and offline token
使用Android和离线令牌时您必须了解的一些事项
When you create google Client ID Don't create a service application before you create a web application 创建Google客户端ID时不要在创建Web应用程序之前创建服务应用程序
Must include https://www.googleapis.com/auth/plus.login in your scope 必须在您的范围内加入https://www.googleapis.com/auth/plus.login
The weirdest, to resolve the one time authorization code on my server, I had to use the redirection URL from the Android client ID details (which doesn't even look like a url) and not from the Web client details on Google API console. 最奇怪的是,为了解析我服务器上的一次性授权代码,我不得不使用Android客户端ID详细信息中的重定向URL(甚至看起来不像网址),而不是来自Google API控制台上的Web客户端详细信息。
That scope string is only documented to work when passed to GoogleAuthUtil(), see http://developer.android.com/reference/com/google/android/gms/auth/GoogleAuthUtil.html , on Android. 该范围字符串仅在传递给GoogleAuthUtil()时记录有效,请参阅Android上的http://developer.android.com/reference/com/google/android/gms/auth/GoogleAuthUtil.html 。 But it would be cool if it worked on iOS too;
但如果它也适用于iOS,那将会很酷; our infrastructure there is a little behind where we're at on Android.
我们的基础设施有点落后于我们在Android上的位置。
You just need to follow the correct steps/format for specifying the scopes. 您只需按照正确的步骤/格式指定范围即可。 Find them here https://developers.google.com/android/guides/http-auth#SpecifyingScopes
在这里找到它们https://developers.google.com/android/guides/http-auth#SpecifyingScopes
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.