Google+ Sign-in for server-side apps, exchanging auth code for access token
Problem description
I'm trying to follow this flow to sign-in a user on an android app using a python server backend:
https://developers.google.com/+/web/signin/server-side-flow
I'm successful in getting the authorization code from the Android app, but when I try to exchange this code for an access token from the server, I'm getting an "invalid_request" error.
From the Android app, I'm using the same client_id as the one on the server which is listed under "Client ID for web application" in my console. I've verified the redirect_uri is correct. Is it not possible to generate an authorization code from an Android client and use a server to exchange for the access token?
My python code is:
    def auth_params(self):
        client_id, client_secret = self.get_key_and_secret()
        return {
            'grant_type': 'authorization_code',
            'code': self.data.get('code', ''),  # auth code from app
            'client_id': client_id,
            'client_secret': client_secret,
            'redirect_uri': self.get_redirect_uri()
        }

    @classmethod
    def auth_headers(cls):
        return {'Content-Type': 'application/x-www-form-urlencoded',
                'Accept': 'application/json'}

    def auth_complete(self, *args, **kwargs):
        params = self.auth_params()
        # POST the form-encoded parameters to the token endpoint
        request = Request('https://accounts.google.com/o/oauth2/token',
                          data=urlencode(params),
                          headers=self.auth_headers())
        try:
            response = simplejson.loads(urlopen(request).read())
        except HTTPError as e:
            print('fml')
Recommended answer
There are two special redirect URIs that do not actually redirect back to the server: "postmessage" and "urn:ietf:wg:oauth:2.0:oob". These special redirect URIs do not trigger a redirect POST to your server but instead return the OAuth 2.0 tokens in a response to the request.
When you exchange the code for an access token and refresh token, the redirect URI associated with the authorization code needs to match.
Because your authorization code is coming from an Android device, your redirect URI is probably mismatched on this line:
'redirect_uri': self.get_redirect_uri()
For Android code exchange, the redirect URI must be:
urn:ietf:wg:oauth:2.0:oob
Hopefully that helps. As you may have noticed, if you are also taking an authorization code returned from a Web sign-in or Android, you will need to set the redirect URI appropriately (e.g. urn[...] for Android, 'postmessage' or the configured redirect otherwise).
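The rule from the answer, written out as an added Python 3 example that is not part of the original question or answer: the server picks `redirect_uri` from a fixed table keyed by where the code came from, and never forwards a value supplied by the client. The origin labels (`android`, `web_signin`, `redirect`), the function names and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_ENDPOINT = "https://accounts.google.com/o/oauth2/token"  # as in the question

# Origin labels are hypothetical; the URI values are the ones the answer names.
FIXED_REDIRECTS = {
    "android": "urn:ietf:wg:oauth:2.0:oob",
    "web_signin": "postmessage",
}


def redirect_uri_for(origin, configured_redirect=None):
    """Return the redirect_uri that must accompany a code from `origin`."""
    if origin in FIXED_REDIRECTS:
        return FIXED_REDIRECTS[origin]
    if origin == "redirect" and configured_redirect:
        return configured_redirect
    # Fail closed: never forward a redirect_uri supplied by the client.
    raise ValueError("unknown code origin: %r" % (origin,))


def build_token_request(code, origin, client_id, client_secret,
                        configured_redirect=None):
    """Build (but do not send) the POST that exchanges `code` for tokens."""
    if not code:
        # An empty code can never succeed, so reject it before the round trip.
        raise ValueError("missing authorization code")
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri_for(origin, configured_redirect),
    }
    return Request(
        TOKEN_ENDPOINT,
        data=urlencode(params).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"},
    )


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    req = build_token_request("4/constructed-code", "android",
                              "constructed-client-id", "constructed-secret")
    print(req.full_url)
    print(req.data.decode("ascii").replace("constructed-secret", "<redacted>"))
```
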