GoogleJsonResponseException:带有OAuth2保护的401未经授权的呼叫端点 [英] GoogleJsonResponseException: 401 Unauthorized calling endpoint with OAuth2 protection

问题描述

我正在尝试使用App Engine作为移动后端制作一个Android应用.当我尝试调用受身份验证保护的端点时出现此错误:

I am trying to make an Android app with App Engine as mobile backend. I am getting this error when I try to call an endpoint protected by authentication:

12-21 18:58:05.120    4452-4477/com.test.myapplication W/System.err﹕ com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized
12-21 18:58:05.120    4452-4477/com.test.myapplication W/System.err﹕ {
12-21 18:58:05.130    4452-4477/com.test.myapplication W/System.err﹕ {
12-21 18:58:05.130    4452-4477/com.test.myapplication W/System.err﹕ "domain": "global",
12-21 18:58:05.130    4452-4477/com.test.myapplication W/System.err﹕ "location": "Authorization",
12-21 18:58:05.130    4452-4477/com.test.myapplication W/System.err﹕ "locationType": "header",
12-21 18:58:05.130    4452-4477/com.test.myapplication W/System.err﹕ "message": "Authorization required",
12-21 18:58:05.130    4452-4477/com.test.myapplication W/System.err﹕ "reason": "required"
12-21 18:58:05.130    4452-4477/com.test.myapplication W/System.err﹕ }
12-21 18:58:05.130    4452-4477/com.test.myapplication W/System.err﹕ ],
12-21 18:58:05.130    4452-4477/com.test.myapplication W/System.err﹕ "message": "Authorization required"
12-21 18:58:05.130    4452-4477/com.test.myapplication W/System.err﹕ }
12-21 18:58:05.130    4452-4477/com.test.myapplication W/System.err﹕ at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:113)
12-21 18:58:05.130    4452-4477/com.test.myapplication W/System.err﹕ at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:40)
12-21 18:58:05.130    4452-4477/com.test.myapplication W/System.err﹕ at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:312)

这是App Engine上的终结点代码

Here is the endpoint code on App Engine

@ApiMethod(
        name = "signInWithGoogle",
        path = "signInWithGoogle",
        httpMethod = ApiMethod.HttpMethod.POST
)
public Profile signInWithGoogle(final User user) throws UnauthorizedException {
    if (user == null) {
        throw new UnauthorizedException("Authorization required");
    }
    Key<Profile> profileKey = Key.create(Profile.class, user.getEmail());
    return OfyService.ofy().load().key(profileKey).now();
}

这是调用端点的活动代码

And here is the activity code which call the endpoint

public class MainActivity extends Activity {

public static final String WEB_CLIENT_ID = "XXXX.apps.googleusercontent.com";
public static final String AUDIENCE = "server:client_id:" + WEB_CLIENT_ID;
protected static final HttpTransport HTTP_TRANSPORT = AndroidHttp.newCompatibleTransport();
protected static final JsonFactory JSON_FACTORY = new AndroidJsonFactory();

GoogleAccountCredential credential;

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);

    credential = GoogleAccountCredential.usingAudience(this, AUDIENCE);

    startActivityForResult(credential.newChooseAccountIntent(), 0);
}

@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
    String accountName = data.getExtras().getString(AccountManager.KEY_ACCOUNT_NAME);
    credential.setSelectedAccountName(accountName);
    final SignUser signUser = new SignUser.Builder(HTTP_TRANSPORT, JSON_FACTORY, credential).build();
    Log.d("TEST", "start");
    new Thread(new Runnable() {
        @Override
        public void run() {
            try {
                Profile profile = signUser.signInWithGoogle().execute();
                Log.d("TEST", "success");
            } catch (IOException e) {
                e.printStackTrace();
                Log.d("TEST", "failed");
            }
        }
    }).start();
}
}

类似于 signUser.signInWithGoogle().execute()的类不会创建端点需要的User对象，因此，端点抛出UnauthorizedException.实际上，如果我从端点上删除OAuth2保护，一切都会很好.

Seems like signUser.signInWithGoogle().execute() does not create the User object need by the endpoint, therefore, the endpoint throw an UnauthorizedException. Actually, if I remove the OAuth2 protection from the endpoint, everything works fine.

任何人都可以向我解释一下错误是什么吗?

Can anyone explain me what is the error please?

更新

这是java类的@Api注释.

Here is the @Api annotation of the java class.

@Api(
    name = "signUser",
    version = "v1",
    scopes = {Constants.EMAIL_SCOPE},
    clientIds = {Constants.ANDROID_CLIENT_ID, Constants.API_EXPLORER_CLIENT_ID},
    audiences = {Constants.ANDROID_AUDIENCE},
    description = "APIs for sign user"
)

其中 EMAIL_SCOPE 是 https://www.googleapis.com/auth/userinfo.email 并且 ANDROID_AUDIENCE 等于WEB_CLIENT_ID

where EMAIL_SCOPE is https://www.googleapis.com/auth/userinfo.email and ANDROID_AUDIENCE is equals to the WEB_CLIENT_ID

推荐答案

我已经通过为这样的凭据对象设置自定义请求初始化程序来解决了这个问题

I've solved this by setting an custom request initializer to the credential object like this

GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(this.TRANSPORT).setJsonFactory(this.JSON_FACTORY)
.setClientSecrets(Constants.CLIENT_ID,     Constants.CLIENT_SECRET).setRequestInitializer((new HttpRequestInitializer(){
            @Override
            public void initialize(HttpRequest request)
                    throws IOException {
                request.getHeaders().put("Authorization", "Bearer " + accessToken);
            }
        })).build()

这篇关于GoogleJsonResponseException:带有OAuth2保护的401未经授权的呼叫端点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！