Google+ Sign-in for server-side apps, exchanging auth code for access token

Problem description

I'm trying to follow this flow to sign in a user on an Android app using a Python server backend:

https://developers.google.com/+/web/signin/server-side-flow

I'm successful in getting the authorization code from the Android app, but when I try to exchange this code for an access token from the server, I'm getting an "invalid_request" error.

From the Android app, I'm using the same client_id as the one on the server which is listed under "Client ID for web application" in my console. I've verified the redirect_uri is correct. Is it not possible to generate an authorization code from an Android client and use a server to exchange for the access token?

My Python code is:

# Excerpt: methods of the backend class (class definition not shown).
import simplejson
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen

def auth_params(self):
    client_id, client_secret = self.get_key_and_secret()
    return {
        'grant_type': 'authorization_code',
        'code': self.data.get('code', ''),  # auth code from app
        'client_id': client_id,
        'client_secret': client_secret,
        'redirect_uri': self.get_redirect_uri()
    }

@classmethod
def auth_headers(cls):
    return {'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'application/json'}

def auth_complete(self, *args, **kwargs):
    params = self.auth_params()
    # POST the form-encoded parameters to the token endpoint
    request = Request('https://accounts.google.com/o/oauth2/token',
                      data=urlencode(params).encode('ascii'),
                      headers=self.auth_headers())
    try:
        response = simplejson.loads(urlopen(request).read())
    except HTTPError as e:
        print('fml')

Recommended answer

There are two special redirect URIs that do not actually redirect back to the server: "postmessage" and "urn:ietf:wg:oauth:2.0:oob". These special redirect URIs do not trigger a redirect POST to your server but instead return the OAuth 2.0 tokens in a response to the request.

When you exchange the code for an access token and refresh token, the redirect URI associated with the authorization code needs to match.

Because your authorization code is coming from an Android device, your redirect URI is probably mismatched on this line:

  'redirect_uri': self.get_redirect_uri()

For Android code exchange, the redirect URI must be: urn:ietf:wg:oauth:2.0:oob

Hopefully that helps. As you may have noticed, if you are also taking an authorization code returned from a Web sign-in or Android, you will need to set the redirect URI appropriately (e.g. urn[...] for Android, 'postmessage' or the configured redirect otherwise).
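
The redirect URI selection described in the answer, as an added example that is not part of the original question or answer: the server picks redirect_uri from a fixed table keyed by where the code was issued, instead of trusting a value supplied by the client. The source labels ("android", "web_signin", "redirect"), the function names and the sample values are assumptions made for this sketch; the request is only built, not sent.

```python
from urllib.parse import parse_qs, urlencode

TOKEN_URL = "https://accounts.google.com/o/oauth2/token"  # endpoint from the question

# redirect_uri per code source (values from the answer); None = configured URI.
REDIRECT_BY_SOURCE = {
    "android": "urn:ietf:wg:oauth:2.0:oob",
    "web_signin": "postmessage",
    "redirect": None,
}


def redirect_uri_for(source, configured_redirect=None):
    """Pick the redirect_uri server-side; never accept one from the client."""
    if source not in REDIRECT_BY_SOURCE:
        raise ValueError("unknown code source: %r" % (source,))
    uri = REDIRECT_BY_SOURCE[source]
    if uri is None:
        if not configured_redirect:
            raise ValueError("configured redirect URI required")
        uri = configured_redirect
    return uri


def build_token_request(code, source, client_id, client_secret,
                        configured_redirect=None):
    """Return (url, body, headers) for the code-for-token POST."""
    if not code:
        # The question's code defaults 'code' to ''; fail early instead.
        raise ValueError("missing authorization code")
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri_for(source, configured_redirect),
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json"}
    return TOKEN_URL, urlencode(params).encode("ascii"), headers


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url, body, _ = build_token_request(
        "4/constructed-code", "android",
        "constructed-id.apps.googleusercontent.com", "constructed-secret")
    print(url, parse_qs(body.decode())["redirect_uri"][0])
```

Google has since deprecated the urn:ietf:wg:oauth:2.0:oob redirect, so check the current Google Identity documentation before relying on the Android value.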
