stackoom
  简体   繁体   中英

OAuth2 “Invalid Grant” response from server

 原文  2012-12-18 20:33:22       authorization/ google-api/ in-app-purchase/ oauth-2.0

Question

I ask my client to hit at this URL with his authorized gmail account with which he has created the google api project. 

https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri=http://www.XXXXXXXX.com/oauth2callback&client_id=XXXXXX.apps.googleusercontent.com&state=profile&approval_prompt=force

and then ask him to provide me the code parameter from the redirected URL 

http://www.XXXXXXXX.com/oauth2callback?code=4/jUxc2MdX0xmF-b4_I6v2SLMQMuxO.cvQLVEpcJMUXOl05ti8ZT3ZvsT9ddwI

Then i myself post this form with following info. 

<form action="https://accounts.google.com/o/oauth2/token" method="post" >

<input type="hidden" name="grant_type" value="authorization_code" >
<input type="text" name="code" value="**is the one i recieved from previous step**">
<input type="hidden" name="client_id" value="XXXXXXX.apps.googleusercontent.com" >
<input type="hidden" name="client_secret" value="XXXXXXXXXXXX" >
<input type="hidden" name="redirect_uri" value="http://www.XXXXXX.com/oauth2callback" >
<input type="submit" value="Submit">

</form>

and then i get the following error 

{
    "error" : "invalid_grant"
}

When i generate the code url param myself and perform the next step. i am successfully presented with following response 

{
  "access_token" : "XXXXXXStBkRnGyZ2mUYOLgls7QVBxOg82XhBCFo8UIT5gM",
  "token_type" : "Bearer",
  "expires_in" : 3600,
  "refresh_token" : "XXXXXX3SEBX7F2cfrHcqJEa3KoAHYeXES6nmho"
}

But if the client generate the url param "code" then i see the invalid grant error.

My Client is in UK and i am in another country. Can anybody please confirm if it's the error because client is generating the code param in another country and i am using that code in another country ?

Thanks in advance.

2 answers

solution1
 6  2013-01-03 14:40:53

I got annoyed by invalid_grant error instead of the fact that same code is getting me correct access token some times.

Shaikh's answer has guided me to correct direction.

First of all we try to get access code from:

https://accounts.google.com/o/oauth2/auth

User is directed to "Allow Permission" screen and then our app receive access code.

Using that access code we try to get access token from:

https://accounts.google.com/o/oauth2/token

In the first attempt it will return us access_token with grant_type=authorization_code, but once access_token has been provided to us, it no longer expect to receive grant_type=authorization again, instead it likes to receive grant_type=refresh_token

For fellow android developers code is as follows: 

String accessToken = null, refreshToken = null;
HttpPost httppost = new HttpPost(https://accounts.google.com/o/oauth2/token);
HttpParams myParams = new BasicHttpParams();
httppost.setHeader("Content-type", "application/x-www-form-urlencoded");
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(4);
nameValuePairs.add(new BasicNameValuePair("client_id", BLOGGER_CLIENT_ID));
SharedPreferences prefs = context.getSharedPreferences(PREFERENCES_NAME, Context.MODE_PRIVATE);
String bloggerAccessToken = prefs.getString(PREFERENCES_KEY_BLOGGER_ACCESS_TOKEN, null);

if(bloggerAccessToken != null && bloggerAccessToken.length() > 0){
    nameValuePairs.add(new BasicNameValuePair("refresh_token",  prefs.getString(PREFERENCES_KEY_BLOGGER_REFRESH_TOKEN, null)));
    nameValuePairs.add(new BasicNameValuePair("grant_type",    "refresh_token"));
} else{
    nameValuePairs.add(new BasicNameValuePair("code",  prefs.getString(PREFERENCES_KEY_BLOGGER_ACCESS_CODE, null)));
    nameValuePairs.add(new BasicNameValuePair("grant_type",    "authorization_code"));
    nameValuePairs.add(new BasicNameValuePair("redirect_uri",  "http://localhost"));
}

httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpClient httpClient = new DefaultHttpClient(myParams);
response = httpClient.execute(httppost);

String returnedJsonStr = EntityUtils.toString(response.getEntity());
JSONObject jsonObject = new JSONObject(returnedJsonStr);
accessToken = jsonObject.getString("access_token");
if(jsonObject.has("refresh_token"))
    refreshToken = jsonObject.getString("refresh_token");

solution2
 4 ACCPTED  2012-12-19 08:25:58

You may ask the client to generate the code PLUS the subsequent refresh token himself. Give him the access to the form above where the refresh_token is generated.

Then you can use refresh_token to generate access_tokens.

Hope it fixes your problem.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question C# OWIN OAuth2 Server: Access token always returns invalid_grant Unsupported Grant Type Salesforce OAUTH2 OAuth2: Resource Owner OpenID Grant? OAuth2 refresh_token grant Can we Implement Oauth2 authorization server with spring boot which supports Client_Crentials & password grant types? OAuth2 (Code Grant) access_token Meaning OAuth2: Authorization Code Grant Flow with C# AccessToken does not get invalid - Spring OAuth2 Oauth Implicit Grant web api authorization server app.oauth.grant is not a function (oauth2-server)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM