
Google_Auth_Exception' with message 'Error fetching OAuth2 access token, message: 'invalid_grant'

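I am attempting a slight variation of the Google+ web sign-in server-side flow as described on the Google Developers website.

I have a staff login page (staff_login.php) which uses JavaScript via Google+ (plusone.js). If the user is already signed in to Google, then the authorization code from Google is stored to a session variable. If the user is not signed in, then a "Staff Login" button is displayed. If the user clicks the button, then Google authorization takes place and, if successful, the authorization code from Google is stored to a session variable. In both cases, after the session variable has been stored, the user is redirected to another web page (google_login.php).

Most of the time the login process works as expected, but sometimes google_login.php generates an error message: Google_Auth_Exception' with message 'Error fetching OAuth2 access token, message: 'invalid_grant'.

I am fairly sure the problem lies in the signInCallback function. How do I make it bulletproof?

Here is the (cut-down) code:

staff_login.php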

    <!DOCTYPE html>
    <html>
    <head>
        <meta charset="utf-8">
        <meta name="google-signin-clientid" content="CLIENT-ID.apps.googleusercontent.com">
        <meta name="google-signin-scope" content="email">
        <meta name="google-signin-cookiepolicy" content="single_host_origin">
        <meta name="google-signin-callback" content="signInCallback">
        <title>Login</title>
    </head>
    <body>
    <button id="xyzStaffSignIn">Staff Sign In</button>
    <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js" type="text/javascript"></script>
    <script type="text/javascript">
        jQuery(document).ready(function ($) {
            console.log('Google (plusone.js) will invoke signInCallback');
            window.___gcfg = {
                lang: 'en-GB',
                parsetags: 'onload'
            };
            var po = document.createElement('script');
            po.type = 'text/javascript';
            po.async = true;
            po.src = 'https://apis.google.com/js/client:plusone.js';
            var s = document.getElementsByTagName('script')[0];
            s.parentNode.insertBefore(po, s);
        });

        function signInCallback(authResult) {
            if (authResult) {
                if (authResult['error'] == undefined) {
                    if (authResult['code']) {
                        setSessionValue('GoogleAuthorisationCode', authResult['code'], callGoogleLogin);
                    }
                } else if (authResult['error']) {
                    // There was an error.
                    // Possible error codes:
                    //   "access_denied" - User denied access to your app
                    //   "immediate_failed" - Could not automatically log in the user
                    console.log('There was an error: ' + authResult['error']);
                    if (!authResult['status']['signed_in']) {
                        console.log('gapi.signin.render will invoke signInCallback');
                        gapi.signin.render('xyzStaffSignIn');
                    }
                } else {
                    console.log('Empty authResult'); // Something went wrong
                }
            }
        }

        function setSessionValue(key, value, callback) {
            $.post(
                'session.php',
                {
                    xyzAction: 'set',
                    xyzKey: key,
                    xyzValue: value
                },
                function (result) {
                    // Handle or verify the server response if necessary.
                    if (result['status'] == undefined) {
                        alert('xyz status problem. Please email our IT department!');
                    } else {
                        switch (result['status']) {
                            case 'Success':
                                callback();
                                break;
                            default:
                                alert('xyz unexpected status problem. Please email our IT department!');
                                console.log(result['status']);
                        }
                    }
                }
            )
        }

        function callGoogleLogin() {
            gapi.client.load('plus', 'v1', loadProfile);
        }

        /**
         * Uses the JavaScript API to request the user's profile, which includes
         * their basic information. When the plus.profile.emails.read scope is
         * requested, the response will also include the user's primary email address
         * and any other email addresses that the user made public.
         */
        function loadProfile() {
            var request = gapi.client.plus.people.get({'userId': 'me'});
            request.execute(loadProfileCallback);
        }

        /**
         * Callback for the asynchronous request to the people.get method. The profile
         * and email are set to global variables. Triggers the user's basic profile
         * to display when called.
         */
        function loadProfileCallback(profile) {
            var emailAddress;

            // Filter the emails object to find the user's primary account, which might
            // not always be the first in the array. The filter() method supports IE9+.
            emailAddress = profile['emails'].filter(function (v) {
                return v.type === 'account'; // Filter out the primary email
            })[0].value; // get the email from the filtered results, should always be defined.
            var domain = emailAddress.replace(/.*@/, "");
            if ("xyz.com" == domain) {
                window.location.href = "google_login.php?xyzEmailAddress=" + emailAddress;
            } else {
                alert(emailAddress + ' is not a recognized xyz staff member email address.');
            }
        }
    </script>
    </body>
    </html>

google_login.php

    <?php
    // This code is called from the javascript on the login screen only
    // AFTER Google authorization has succeeded

    // Google_Client is as defined at
    // https://github.com/google/google-api-php-client/blob/master/src/Google/Client.php
    $googleClient = new Google_Client ();
    $googleClient->setRedirectUri('postmessage');
    $googleClient->authenticate($_SESSION['GoogleAuthorizationCode']);

You need to add/enable the APIs in the left panel at https://console.developers.google.com. The APIs I added were "google+ API" and "gmail API". I tried it and it worked for me.
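
An authorization code can be redeemed only once, and a second exchange of the same code is answered with invalid_grant. Assuming the intermittent failure comes from signInCallback running more than once for one sign-in, the following added example (not code from the question or the answer) forwards each code to the server a single time. The names createSignInCallback, storeCode, onStored and onSignedOut are hypothetical; storeCode stands in for the $.post to session.php and onSignedOut for the gapi.signin.render call.

```javascript
// Added example, not the question's code. createSignInCallback, storeCode,
// onStored and onSignedOut are hypothetical names (see the lead-in).
function createSignInCallback({ storeCode, onStored, onSignedOut }) {
  const seenCodes = new Set(); // codes already forwarded to the server
  let inFlight = false;        // true while a code is being stored

  return function signInCallback(authResult) {
    if (!authResult) return 'ignored:empty';
    if (authResult.error) {
      // "immediate_failed" only means no silent sign-in: show the button.
      const signedIn = authResult.status && authResult.status.signed_in;
      if (!signedIn) onSignedOut(authResult.error);
      return 'error:' + authResult.error;
    }
    const code = authResult.code;
    if (!code) return 'ignored:no-code';
    // A code is single-use: never hand the same one to the server twice,
    // and do not start a second store while one is still pending.
    if (seenCodes.has(code)) return 'ignored:duplicate';
    if (inFlight) return 'ignored:busy';
    seenCodes.add(code);
    inFlight = true;
    storeCode(code, function (status) {
      inFlight = false;
      if (status === 'Success') onStored(code);
    });
    return 'forwarded';
  };
}

// Constructed sequence: the same code is delivered twice, then a silent
// sign-in failure arrives for a signed-out user.
function demo() {
  const sent = [];
  const cb = createSignInCallback({
    storeCode: (code, done) => { sent.push(code); done('Success'); },
    onStored: () => {},
    onSignedOut: () => {},
  });
  const results = [
    cb({ code: 'CODE_A', status: { signed_in: true } }),
    cb({ code: 'CODE_A', status: { signed_in: true } }),
    cb({ error: 'immediate_failed', status: { signed_in: false } }),
  ];
  return { sent, results };
}
console.log(demo());
```

On the server side, removing the code from the session right after authenticate() has used it keeps a page reload from submitting it again.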
