Google+ Sign-in for server-side apps, exchanging auth code for access token


Question

I'm trying to follow this flow to sign in a user on an Android app using a Python server backend:

https://developers.google.com/+/web/signin/server-side-flow

I'm successful in getting the authorization code from the Android app, but when I try to exchange this code for an access token from the server, I'm getting an "invalid_request" error.

From the Android app, I'm using the same client_id as the one on the server which is listed under "Client ID for web application" in my console. I've verified the redirect_uri is correct. Is it not possible to generate an authorization code from an Android client and use a server to exchange for the access token?

My Python code is:

# Excerpt of methods from an OAuth2 backend class (Python 2). get_key_and_secret(),
# get_redirect_uri() and self.data come from the framework's base class and are not shown.
from urllib import urlencode
from urllib2 import Request, urlopen, HTTPError

import simplejson


def auth_params(self):
    client_id, client_secret = self.get_key_and_secret()
    return {
        'grant_type': 'authorization_code',
        'code': self.data.get('code', ''),  # auth code from app
        'client_id': client_id,
        'client_secret': client_secret,
        'redirect_uri': self.get_redirect_uri()
    }

@classmethod
def auth_headers(cls):
    return {'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'application/json'}

def auth_complete(self, *args, **kwargs):
    params = self.auth_params()
    request = Request('https://accounts.google.com/o/oauth2/token', data=urlencode(params),
                      headers=self.auth_headers())
    try:
        response = simplejson.loads(urlopen(request).read())
    except HTTPError as e:
        # The OAuth error object (e.g. {"error": "invalid_request"}) is in the response body
        print 'token exchange failed: %s %s' % (e.code, e.read())
        raise
    return response

Answer

There are two special redirect URIs that do not actually redirect back to the server: "postmessage" and "urn:ietf:wg:oauth:2.0:oob". These special redirect URIs do not trigger a redirect POST to your server but instead return the OAuth 2.0 tokens in a response to the request.

When you exchange the code for an access token and refresh token, the redirect URI associated with the authorization code needs to match.

Because your authorization code is coming from an Android device, your redirect URI is probably mismatched on this line:

  'redirect_uri': self.get_redirect_uri()

For Android code exchange, the redirect URI must be: urn:ietf:wg:oauth:2.0:oob

Hopefully that helps. As you may have noticed, if you are also taking an authorization code returned from a Web sign-in or Android, you will need to set the redirect URI appropriately (e.g. urn[...] for Android, 'postmessage' or the configured redirect otherwise).
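The answer's point in working code, as an added example (Python 3) that is not code from the question, the answer or Google's libraries: the redirect_uri sent to the token endpoint is picked by where the code was minted ("urn:ietf:wg:oauth:2.0:oob" for a code from the Android device, "postmessage" for the web sign-in button, the registered URI for an ordinary redirect flow), and the endpoint's JSON error object is surfaced instead of being swallowed by a bare except. The endpoint URL and the form fields are the ones in the question; the source names, function names, TokenExchangeError and the fake_opener/canned replies are this example's own assumptions for running it offline.

```python
import io
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_ENDPOINT = "https://accounts.google.com/o/oauth2/token"  # endpoint used in the question

# The two special redirect URIs named in the answer. The value sent at exchange
# time must equal the one bound to the code when it was issued.
REDIRECT_URIS = {
    "android": "urn:ietf:wg:oauth:2.0:oob",  # code obtained on the Android device
    "web": "postmessage",                    # code returned by the web sign-in button
}


class TokenExchangeError(Exception):
    """The token endpoint answered with an OAuth 2.0 error object."""

    def __init__(self, status, error, description=None):
        super().__init__("%s: %s (%s)" % (status, error, description or "no description"))
        self.status, self.error, self.description = status, error, description


def build_token_request(code, client_id, client_secret, source, registered_redirect_uri=None):
    """Return (url, headers, body). source is "android", "web" or "redirect"; for
    "redirect" the registered_redirect_uri used in the authorization request is required."""
    if source == "redirect":
        if not registered_redirect_uri:
            raise ValueError("redirect flow requires the registered redirect_uri")
        redirect_uri = registered_redirect_uri
    else:
        redirect_uri = REDIRECT_URIS[source]  # KeyError on an unknown source is deliberate
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json"}
    return TOKEN_ENDPOINT, headers, urllib.parse.urlencode(params).encode("ascii")


def parse_token_response(status, body):
    """Return the token dict, or raise TokenExchangeError carrying the endpoint's own reason
    (Google sends {"error": "invalid_request", ...} with a 4xx status)."""
    data = json.loads(body)
    if status != 200 or "error" in data:
        raise TokenExchangeError(status, data.get("error", "unknown_error"),
                                 data.get("error_description"))
    if "access_token" not in data:
        raise TokenExchangeError(status, "malformed_response", "no access_token in body")
    return data


def exchange_code(code, client_id, client_secret, source,
                  registered_redirect_uri=None, opener=urllib.request.urlopen):
    """POST the exchange; opener defaults to urlopen and is injectable for offline use."""
    url, headers, body = build_token_request(code, client_id, client_secret,
                                             source, registered_redirect_uri)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with opener(req) as resp:
            return parse_token_response(resp.status, resp.read().decode("utf-8"))
    except urllib.error.HTTPError as e:
        return parse_token_response(e.code, e.read().decode("utf-8"))  # error JSON is in the body


class _CannedResponse(io.BytesIO):
    """Constructed stand-in for an HTTPResponse (offline demo only)."""

    def __init__(self, status, body):
        super().__init__(body.encode("utf-8"))
        self.status = status


def fake_opener(status, body):
    """Return an opener that replays a constructed reply instead of calling Google."""
    def _open(req):
        if status >= 400:
            raise urllib.error.HTTPError(req.full_url, status, "error", {},
                                         io.BytesIO(body.encode("utf-8")))
        return _CannedResponse(status, body)
    return _open


if __name__ == "__main__":
    # Constructed replies mimicking the endpoint; no network access is made.
    ok = fake_opener(200, '{"access_token": "ya29.example", "token_type": "Bearer", "expires_in": 3600}')
    print(exchange_code("4/code", "client-id", "secret", "android", opener=ok)["token_type"])
    try:
        exchange_code("4/code", "client-id", "secret", "web",
                      opener=fake_opener(400, '{"error": "invalid_request"}'))
    except TokenExchangeError as e:
        print("exchange failed:", e)
```

The injectable opener is what lets the mismatch case be reproduced without real credentials; in production leave the default and log e.error and e.description, which is exactly the diagnostic the question's print 'fml' threw away.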
