Google OAuth令牌交换返回invalid_code [英] Google OAuth token exchange returns invalid_code
问题描述
我一直在实现Google Web服务器的OAuth流程,但是当我尝试与访问令牌交换授权代码时,它总是抱怨"invalid_code".
I have been implementing the Google web server OAuth flow, but when I attempted to exchange the authorization code with access token, it always complains "invalid_code".
问题出在这里:
第1步:
Redirect one of our pages to 'https://accounts.google.com/o/oauth2/auth?scope=email&redirect_uri=https%3A%2F%2Fmyurl.com%2Fcallback&response_type=code&client_id=some_client_id'
第2步:
发生重定向,Google会将其重定向到我们的网址 https://myurl.com/callback?code=somecode
The redirection happens and google would redirect to our url https://myurl.com/callback?code=somecode
第3步:
curl -X POST --data"code = somecode& client_id = some_client_id& some_client_secret = some_client_secret& redirect_uri = https://myurl .com/callback& grant_type = authorization_code " https://accounts.google.com/o/oauth2/token -v --trace-ascii/dev/stout
curl -X POST --data "code=somecode&client_id=some_client_id&some_client_secret=some_client_secret&redirect_uri=https://myurl.com/callback&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token -v --trace-ascii /dev/stout
响应返回:
HTTP 400错误请求
HTTP 400 Bad request
{ "error":"invalid_grant", "error_description":无效的代码." }
{ "error" : "invalid_grant", "error_description" : "Invalid code." }
有人可以帮助我解决这个问题吗?谢谢!
Can someone help me with this issue? Thanks!
推荐答案
授权代码的生命周期只有10分钟,并且只能使用一次.这些检查也是如此:
The life span of authorization code is only 10 mins,and can only be used one time. So do these checks:
- 您会在10分钟后使用它吗?如果是这样,请在10分钟内使用它.
- 您以前使用过吗?如果是这样,请获取一个新的,然后使用它.
- 您的服务器时间是否与Google OAuth服务器的时间同步?如果没有,请更改您的时间.
这篇关于Google OAuth令牌交换返回invalid_code的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
