POSTMAN:无法完成 OAuth2.0 登录 [英] POSTMAN: Could not complete OAuth2.0 login
问题描述
我想请求一个令牌,以便让我的 Postman 登录我的 Gmail 帐户,然后我可以调用 Google Cloud API.
我正在尝试输入我的 Gmail 电子邮件地址和密码,正如您从这张图片中看到的那样
最终目标是获得这样的 API
https://monitoring.googleapis.com/v1/projects/firetestjimis/dashboards我可以通过从 gcloud 使用我的 Gmail 帐户登录(gcloud auth application-default login"),然后使用 gcloud auth application-default print-access-token 打印令牌,复制打印的令牌并将其粘贴到访问令牌(邮递员).好吧,它可以工作,但是我有义务启动 gcloud 并安装它.我很确定我可以通过与登录 gcloud 的同一用户签名来达到相同的想法.我只是不知道如何用邮递员来做.上几个小时我读到的所有内容都将我带到了上面粘贴的图像,但由于这个问题的错误而失败.
如果相关,这里是我获取令牌的 gcloud 控制台
C:Program Files (x86)GoogleCloud SDK>gcloud auth application-default print-access-tokenC:Program Files (x86)GoogleCloud SDKgoogle-cloud-sdkin..lib hird_partygoogleauth\_default.py:69:用户警告:您的应用程序已使用来自的最终用户凭据进行身份验证谷歌云 SDK.我们建议大多数服务器应用程序改用服务帐户.如果您的应用程序继续使用来自 Cloud SDK 的最终用户凭据,您可能会收到超出配额"或API 未启用"错误.有关服务帐户的更多信息,请参阅 https://cloud.google.com/docs/authentication/warnings.warn(_CLOUD_SDK_CREDENTIALS_WARNING)ya29.a0Ae4lvC3-3WxUmx... 删除令牌... hs251yTql3eEEC:Program Files (x86)GoogleCloud SDK>*** 首次发布后稍作修改
其他暂定导致
错误 400:invalid_requestredirect_uri 的参数值无效:缺少方案:/当我尝试时
我复制的客户 ID
***在疯头的建议下编辑
我仔细按照建议的所有步骤进行操作,实际上我可以通过单击获取新访问令牌直接从 Postman 获得 Google 令牌.然而它得到了
<代码>{错误": {代码":403,"message": "请求的身份验证范围不足.",状态":PERMISSION_DENIED"}}对于这两个来自 Postman 的试探性(粘贴 curl 脚本,因为它比 Postman 打印屏幕更容易从其他人那里评估)
curl --location --request GET 'https://monitoring.googleapis.com/v1/projects/firetestjimis/dashboards' --header '授权:承载 ya29.*** 代币 *** kO3Fg'curl --location --request POST 'https://firestore.googleapis.com/v1/projects/firetestjimis/databases/(default)/documents:runQuery' --header '授权:承载 ya29.*** token *** kO3Fg' --header 'Content-Type: application/json' --data-raw '{结构化查询":{在哪里" : {字段过滤器":{"field": {"fieldPath": "id"},"op":"相等",值":{字符串值":1"}}},来自":[{collectionId":转移"}]}}'这是在
这里是
***已编辑
***已编辑
- 已编辑
***成功添加两个作用域后编辑
上面写着由于您添加了敏感范围,因此您的同意屏幕需要经过 Google 验证才能发布"
当我点击提交验证"时,我看到它抱怨应用程序主页和应用程序隐私链接
实际上可以使用 Postman 访问 OAuth 2.0 保护的 Google API.
首先,您需要在您的 Google Cloud Console 项目中创建一个 OAuth 客户端.它应该是一个Web 应用程序"客户端,并且重定向 URI 应该是 https://oauth.pstmn.io/v1/callback:
记下客户端 ID 和客户端密码:
现在,去找邮递员.创建新请求.在授权"选项卡上,选择 OAuth 2.0,然后单击获取新访问令牌":
填写表格.
- 回调网址:
https://oauth.pstmn.io/v1/callback(将由Authorize using browser自动设置). - 使用浏览器授权:true
- 授权网址:
https://accounts.google.com/o/oauth2/auth - 访问令牌网址:
https://accounts.google.com/o/oauth2/token - 客户 ID:${您的客户 ID}
- 客户秘密:${你的线索秘密}
- 范围:${您的范围},例如
https://www.googleapis.com/auth/gmail.readonly用于 Gmail 只读访问权限.确保您的项目中允许使用相应的范围和 API(例如,在同意屏幕配置页面上).
点击请求令牌".浏览器将打开 pstmn.io 应用程序的 Google OAuth 同意屏幕.如有必要,请登录并授予访问权限.在该过程结束时,将打开一个弹出窗口(确保它没有被您的浏览器阻止),将您重定向回 Postman 应用程序.
去使用你的令牌!
I want to request a token in order I can have my Postman logged in my Gmail acocount and then I can call Google Cloud APIs.
I am trying by typing my Gmail email address and its password as you can see from this picture
The final goal is get APIs like this
https://monitoring.googleapis.com/v1/projects/firetestjimis/dashboards
I can do it by login with my Gmail account from gcloud ("gcloud auth application-default login"), then print the token with gcloud auth application-default print-access-token, copy the printed token and paste it in Access Token (Postman). Well it works, but it is kind of obligating me to start gcloud and has it installed. I am pretty sure I can reach same idea by sign with same user I sign in gcloud. I just don't know how to do it with Postman. All I have read last hours drove me to the image I pasted above but it is failling with error from this question.
In case it is relevant, here is the gcloud console where I get the token
C:Program Files (x86)GoogleCloud SDK>gcloud auth application-default print-access-token
C:Program Files (x86)GoogleCloud SDKgoogle-cloud-sdkin..lib hird_partygoogleauth\_default.py:69: UserWarning: Your application has authenticated using end user credentials from Google Cloud SDK. We recommend that most server applications use service accounts instead. If your application continues to use end user credentials from Cloud SDK, you might receive a "quota exceeded" or "API not enabled" error. For more information about service accounts, see https://cloud.google.com/docs/authentication/
warnings.warn(_CLOUD_SDK_CREDENTIALS_WARNING)
ya29.a0Ae4lvC3-3WxUmx... removed token ... hs251yTql3eEE
C:Program Files (x86)GoogleCloud SDK>
*** Edited a bit after firstly posted
Other tentative is resulting in
Erro 400: invalid_request
Invalid parameter value for redirect_uri: Missing scheme: /
When I tried
The Client Id I copied from
*** edited after Madhead's suggestion
I followed carefully all steps proposed and indeed I can get a Google Token straight from Postman by clicking on Get New Access Token. Nevetheless it gets
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED"
}
}
For these two tentatives from Postman (pasted curl script since it is easier to evaluated from others than a Postman printscreen)
curl --location --request GET 'https://monitoring.googleapis.com/v1/projects/firetestjimis/dashboards' --header 'Authorization: Bearer ya29. *** token *** kO3Fg'
curl --location --request POST 'https://firestore.googleapis.com/v1/projects/firetestjimis/databases/(default)/documents:runQuery' --header 'Authorization: Bearer ya29. *** token *** kO3Fg' --header 'Content-Type: application/json' --data-raw '{
"structuredQuery": {
"where" : {
"fieldFilter" : {
"field": {"fieldPath": "id"},
"op":"EQUAL",
"value": {"stringValue": "1"}
}
},
"from": [{"collectionId": "transfer"}]
}
}'
Here is the OAuth Client ID created in credentials screen
{"web":{"client_id":"7953 *** 5k6e9ivtdg.apps.googleusercontent.com","project_id":"firetestjimis","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"IJGCe *** Du6bU","redirect_uris":["https://oauth.pstmn.io/v1/callback"]}}
as downlowaded from
And here is the
*** edited
*** edited
- edited
*** edited after succesfully added two scopes
It says "Because you've added a sensitive scope, your consent screen requires verification by Google before it's published"
And when I clicked in "Submit for verification" I see it complaining of Application Homepage and Application Privacy links
It's actually possible to use Postman to access OAuth 2.0 secured Google APIs.
First, you need to create an OAuth client in your Google Cloud Console project. It should be a "Web application" client, and the redirect URI should be https://oauth.pstmn.io/v1/callback:
Take a note of the Client ID and Client Secret:
Now, go to the Postman. Create new request. On the "Authorization" tab, select OAuth 2.0 and then click "Get New Access Token":
Fill in the form.
- Callback URL:
https://oauth.pstmn.io/v1/callback(will be set up automatically byAuthorize using browser). - Authorize using browser: true
- Auth URL:
https://accounts.google.com/o/oauth2/auth - Access Token URL:
https://accounts.google.com/o/oauth2/token - Client ID: ${your client id}
- Client Secret: ${your cluent secret}
- Scope: ${your scopes}, e.g.
https://www.googleapis.com/auth/gmail.readonlyfor Gmail read-only access. Make sure that corresponding scopes and API's are allowed in your project (e.g. on consent scree configuration page).
Click "Request Token". The browser will open Google's OAuth consent screen of pstmn.io app. Log in if necessary and grant the access. At the end of the process, a pop-up will be opened (make sure it is not blocked by your browser), redirecting you back to the Postman app.
Go and use your token!
这篇关于POSTMAN:无法完成 OAuth2.0 登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
