简体繁体 English

从 Android 获取 Google oauth 授权令牌 - 返回无效范围/未知错误

[英]getting Google oauth authorization token from Android- return with invalid_scope/ Unknown error

原文 2013-08-21 15:05:15 0 4 android/ oauth-2.0

I try to use Google oauth to authenticate users on my android app.我尝试使用 Google oauth 在我的 android 应用上对用户进行身份验证。 Then I would like to send it to my app server so it can connect at any time with Google calendar.然后我想将它发送到我的应用服务器，以便它可以随时与谷歌日历连接。

I tried to use GoogleAuthUtil.getToken(getApplicationContext(), mAccountName, mScope);我尝试使用GoogleAuthUtil.getToken(getApplicationContext(), mAccountName, mScope);

Following this article: https://developers.google.com/accounts/docs/CrossClientAuth在这篇文章之后： https ://developers.google.com/accounts/docs/CrossClientAuth

When I use it with scope mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";当我使用范围mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"; I get a token, which is valid for an hour我得到一个令牌，有效期为一小时

But when I try to get an authorization code (so I can get a refresh token that is valid for longer time, using mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";但是当我尝试获取授权码时（因此我可以获得一个有效期更长的刷新令牌，使用mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";

I receive either "invalid_scope" or "Unknown" exceptions.我收到“invalid_scope”或“未知”异常。

What am I doing wrong?我究竟做错了什么？

EDIT: OK, After creating a new app on google API console and adding plus.login to the scope I get a code, but for some reason my server can't resolve this token.编辑：好的，在 google API 控制台上创建一个新应用程序并将 plus.login 添加到范围后，我得到一个代码，但由于某种原因，我的服务器无法解析此令牌。 When tying to resolve server gets an error about the redirection URL.绑定以解析服务器时，会收到有关重定向 URL 的错误。 BTW, When I do the web flow with same parameters it works.顺便说一句，当我使用相同的参数执行 Web 流程时，它可以工作。

4 个解决方案

OK, found the solution, I expected Google to have a lot better documentation about working with Google Oauth and Android. 好的，找到了解决方案，我希望Google能够提供更好的关于使用Google Oauth和Android的文档。 A few things you have to know to work with Android and offline token 使用Android和离线令牌时您必须了解的一些事项

When you create google Client ID Don't create a service application before you create a web application 创建Google客户端ID时不要在创建Web应用程序之前创建服务应用程序
Must include https://www.googleapis.com/auth/plus.login in your scope 必须在您的范围内加入https://www.googleapis.com/auth/plus.login
The weirdest, to resolve the one time authorization code on my server, I had to use the redirection URL from the Android client ID details (which doesn't even look like a url) and not from the Web client details on Google API console. 最奇怪的是，为了解析我服务器上的一次性授权代码，我不得不使用Android客户端ID详细信息中的重定向URL（甚至看起来不像网址），而不是来自Google API控制台上的Web客户端详细信息。

That scope string is only documented to work when passed to GoogleAuthUtil(), see http://developer.android.com/reference/com/google/android/gms/auth/GoogleAuthUtil.html , on Android. 该范围字符串仅在传递给GoogleAuthUtil（）时记录有效，请参阅Android上的http://developer.android.com/reference/com/google/android/gms/auth/GoogleAuthUtil.html 。 But it would be cool if it worked on iOS too; 但如果它也适用于iOS，那将会很酷; our infrastructure there is a little behind where we're at on Android. 我们的基础设施有点落后于我们在Android上的位置。

I have had the same issue then i realised that my app is not published and is in debug mode, so i had to add test users to the Google project -> Consent Screen, then i was able to fetch the token for the added test user.我有同样的问题然后我意识到我的应用程序没有发布并且处于调试模式，所以我必须将测试用户添加到谷歌项目 - >同意屏幕，然后我能够获取添加的测试用户的令牌.