Oauth2 Playground exchange authorization code for token: 400 error

Problem description

I've been following a basic OAuth 2.0 tutorial to create an OAuth 2.0 server. That whole part worked fine, but when I tried to play around with it in the Google OAuth2 playground following this page I'm getting some errors.

I've followed all the steps as they are in the above link except I used http://localhost/wordpress/authorize.php?state=xyz as my authorization endpoint because otherwise I would get an error saying that state was required and I didn't want to edit any code yet.

Now, everything seems to work fine with authorizing the APIs. I'm directed to my localhost site and when I authorize the request I am returned to the OAuth2 Playground. When I go on to the next step and attempt to exchange the returned authorization code for a token, I am given a 400 error.

The whole request/response is as follows:

POST /wordpress/token.php HTTP/1.1
Host: localhost
Content-length: 191
content-type: application/x-www-form-urlencoded
user-agent: google-oauth-playground

code=6d408c28d468db6586320bff3aacf16492489b67&redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground&client_id=newclient&scope=&client_secret=newpass&grant_type=authorization_code
______________________________________________________________________

HTTP/1.1 400 Bad Request
Content-length: 106
Content-type: text/plain

An error occured while connecting to the server: Unable to fetch URL: http://localhost/wordpress/token.php

This may be a simple error I've made on my end but I can't seem to figure it out. I don't think the code is really a problem because when I do the tests on the tutorial page everything works fine. I also have not edited any of the files from the library the example uses. If needed, I can edit this post to include the code to comply with the rule that links may become inactive.

One thing I noticed about the request was this little bit &scope=&client_secret=newpass&grant_type=authorization_code. It looks like there is no scope parameter set and I was thinking that might be messing up the results.

If anyone has any experience with OAuth or the OAuth2 Playground and could help me figure out where things went wrong I would be really grateful. Also, I apologize for the long question but I wanted to include as much info as I could.

Recommended answer

This is happening because you are hosting your OAuth server on a non-accessible network (e.g. localhost). Basically when the oauth playground tries to exchange the Code for the token it does so using its own server (not using an XHR on the webpage) and this server does not have access to your machine using the URL http://localhost....

To test this with the playground you need to make your OAuth 2.0 server reachable with a public URL or IP address. What you can do instead is expose your local service to the outside/internet. For this you can use services such as ngrok or localtunnel and you'll get a public URL to your local service which you'll be able to set up the Playground with.
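
Added example, not part of the original answer: a Python pre-flight check that shows why the authorization step works while the token exchange fails, by testing whether the token endpoint is addressable from a remote server. The function names and the host tunnel.example.com are assumptions made for illustration; the check assumes the browser runs on the same machine as the OAuth server and judges only literal hosts, without DNS resolution.

```python
import ipaddress
from urllib.parse import urlsplit

# Names reserved for "this machine"; a remote server resolves them to itself.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def reachable_from_remote_server(url):
    """Return (ok, reason) for a URL that a third-party server must fetch itself.

    Only literal hosts are judged (no DNS lookup), so the check runs offline.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return False, "no host in URL"
    if host in LOCAL_NAMES or host.endswith(".localhost"):
        return False, "loopback name"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True, "public-looking DNS name (not resolved here)"
    if ip.is_loopback:
        return False, "loopback address"
    if ip.is_private or ip.is_link_local:
        return False, "private or link-local address"
    return True, "public IP address"

def check_oauth_endpoints(authorize_url, token_url):
    """Report which endpoint breaks when the OAuth client is a hosted service.

    authorize_url is opened by the user's browser (front channel), so a
    localhost URL works there. token_url is fetched by the client's own
    server (back channel), which must reach it over the network.
    """
    ok, reason = reachable_from_remote_server(token_url)
    return {
        "authorize": ("ok", "front channel: loaded by the browser"),
        "token": ("ok" if ok else "unreachable", "back channel: " + reason),
    }

if __name__ == "__main__":
    # Endpoint URLs taken from the question above.
    result = check_oauth_endpoints(
        "http://localhost/wordpress/authorize.php?state=xyz",
        "http://localhost/wordpress/token.php",
    )
    for name, (status, why) in result.items():
        print(f"{name:9} {status:12} {why}")
```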
