Analytics API返回:错误请求 - invalid_grant [英] Analytics API returns: Bad request - invalid_grant
问题描述
我使用的是Google Analytics(分析)API v3。现在我将解释我的申请流程
我在这里使用这个文件: https://developers.google.com/accounts/docs/OAuth2WebServer
首先,生成OAUTH网址为用户。网址如下所示:
https://accounts.google.com/o/oauth2/auth?
client_id = {CLIENT-ID}&
redirect_uri = {REDIRECT-URL}&
state = {CUSTOM-NUMBER}&
response_type = code&
access_type = offline&
approval_prompt = force&
scope = https://www.googleapis.com/auth/analytics
用户点击他认证的链接。
我向 https:// www发送一个请求。 googleapis.com/oauth2/v3/token 与参数
$ b
code = $ b grant_type = authorization_code
client_secret = CLIENT_SECRET
client_id = CLIENT_ID
redirect_uri = REDIRECT_URI
我发送的cURL选项如下:
CURLOPT_HTTPHEADER = array('Content-Type:application / x-www- form-urlencoded')
当然,post数据是用http_build_query构建的,所以我可以使用内容类型头。 p>
然后,我通过此网址获取用户的所有个人资料
https: //www.googleapis.com/analytics/v3/management/accounts/~all/webproperties/~all/profiles
这样,我列出所有的配置文件。然后,用户选择一个配置文件,我的库获取用户的当前数据(浏览量,访问次数等)。
我现在遇到的问题,是的,当我想用cron每天刷新数据,我得到错误消息:
'错误'=> 'invalid_grant',
'error_description'=> 'Bad Request'
但我不知道为什么?
我为我的数据库中的配置文件保存了访问令牌和刷新令牌。然后,当我在请求访问数据之前重新访问数据时,我检查令牌是否有效。但即使这样失败。
我在此处执行此请求
它告诉我,访问令牌是无效的(这是神秘的,因为我只是验证,5秒后令牌不是有效吗?
无论如何,我尝试使用此请求刷新
URL:https://www.googleapis.com/oauth2/v3/token
参数:
client_secret = CLIENT_SECRET
client_id = CLIENT_ID
refresh_token = REFRESH_TOKEN从我的数据库
grant_type = refresh_token
cURL选项:CURLOPT_HTTPHEADER = array('Content-Type:application / x-www-form-urlencoded')
然后,使用http_build_query创建的params发布请求
像这样
string(67){error:invalid_grant,error_description:
但我不知道为什么。我使用访问令牌和刷新令牌,我得到5分钟前和那些工作的第一个请求。为什么5分钟后它不工作用相同的令牌?
解决方案无效授权通常有两个可能的原因。
- 您的服务器时钟与NTP不同步。 (解决方案:检查服务器时间,如果其不正确的修复它。)
- 已超过刷新令牌限制。 (解决方案:没有什么你可以做,他们不能有更多的刷新令牌使用)
应用程序可以请求多个刷新令牌。例如,这在用户想要在多个机器上安装应用程序的情况下是有用的。在这种情况下,需要两个刷新令牌,每个安装一个。当刷新令牌的数量超过限制时,较旧的令牌变得无效。如果应用程序尝试使用无效的刷新令牌,则返回invalid_grant错误响应。 OAuth 2.0客户端的每个唯一对的限制是25个刷新令牌(请注意,此限制可能会更改)。如果应用程序继续请求同一客户端/帐户对的刷新令牌,则一旦发出第26个令牌,先前发出的第一个刷新令牌将无效。第27个请求的刷新令牌会使第2个之前发出的令牌无效等。
您应该只存储刷新令牌。访问令牌将在一小时后过期。以下是对不同呼叫 Google 3 legged Oauth2流程的详细介绍。
我无法从你的代码中找出任何东西,看起来有点混乱。但我看不到任何真的看起来错误,这就是为什么我猜它可能是前两个问题之一。
I'm using the Google Analytics API v3. I'll explain the flow of my application now
I used this documentation here: https://developers.google.com/accounts/docs/OAuth2WebServer
First, an OAUTH-URL is generated for the user. The URL looks like this
https://accounts.google.com/o/oauth2/auth? client_id={CLIENT-ID}& redirect_uri={REDIRECT-URL}& state={CUSTOM-NUMBER}& response_type=code& access_type=offline& approval_prompt=force& scope=https://www.googleapis.com/auth/analyticsWhen the user clicks on the link he authenticates. Afterwards, with the code, I'm getting the access and refresh token.
I'm sending a request to
https://www.googleapis.com/oauth2/v3/tokenwith the parameterscode = Code from Analytics grant_type = authorization_code client_secret = CLIENT_SECRET client_id = CLIENT_ID redirect_uri = REDIRECT_URIThe cURL options I send are the following:
CURLOPT_HTTPHEADER = array('Content-Type: application/x-www-form-urlencoded')And of course, the post data is built with http_build_query so I can use that content-type header.
Then, I am getting all profiles of the user, with this URL
https://www.googleapis.com/analytics/v3/management/accounts/~all/webproperties/~all/profilesThis works, and I'm listing all the profiles. The user then selects one of the profiles, and my library gets the current data for the user (pageviews, visits, etc.)
The problem I'm having now, is, that, when I want to refresh the data everyday with a cron, I'm getting the error message:
'error' => 'invalid_grant', 'error_description' => 'Bad Request'But I have no idea, why?
I saved the access token and the refresh token for the profiles in my database. Then, when reaccessing data before I make requests to access data, I check if the token is valid. But even this fails.
I'm doing this request here
It tells me, that the access token is invalid (Which is mysterious, since I just authenticated and 5 seconds later the token isn't valid anymore?
Anyway, then I try to refresh it with this request
URL: https://www.googleapis.com/oauth2/v3/token Parameters: client_secret = CLIENT_SECRET client_id = CLIENT_ID refresh_token = REFRESH_TOKEN From my database grant_type = refresh_token cURL Options: CURLOPT_HTTPHEADER = array('Content-Type: application/x-www-form-urlencoded')Then, a post request with the params built with http_build_query
The response looks like this
string(67) "{ "error": "invalid_grant", "error_description": "Bad Request" } "But I have no idea why. I'm using the access token and refresh token I got 5 minutes earlier and the ones which worked for the first request. Why doesn't it work 5 minutes later with the same tokens? And why can't I even refresh the token?
解决方案Invalid grant normally has two possible causes.
- Your server’s clock is not in sync with NTP. (Solution: check the server time if its incorrect fix it. )
- The refresh token limit has been exceeded. (Solution: Nothing you can do they cant have more refresh tokens in use) Applications can request multiple refresh tokens. For example, this is useful in situations where a user wants to install an application on multiple machines. In this case, two refresh tokens are required, one for each installation. When the number of refresh tokens exceeds the limit, older tokens become invalid. If the application attempts to use an invalidated refresh token, an invalid_grant error response is returned. The limit for each unique pair of OAuth 2.0 client and is 25 refresh tokens (note that this limit is subject to change). If the application continues to request refresh tokens for the same Client/Account pair, once the 26th token is issued, the 1st refresh token that was previously issued will become invalid. The 27th requested refresh token would invalidate the 2nd previously issued token and so on.
You should only be storing the Refresh token. The Access token will expire after an hour. Here is a walk though on the different calls Google 3 legged Oauth2 flow.
I wasn't able to figure out anything from your code it looked a little confusing. But I couldn't see anything that really looked wrong that's why I am guessing it might be one of the first two issues.
这篇关于Analytics API返回:错误请求 - invalid_grant的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
