为什么这个访问令牌立即失效？ [英] Why is this access token invalid instantly?

问题描述

场景：

1. 创建Google+登录按钮供用户登录。 >




2. 保存访问令牌并将其打印在索引/主页上以确保访问令牌实际存在。这可以起作用。
   

3. 尝试使用同一令牌来授权用户帐户（在本例中为我的用户）对Google API进行AUTHORIZED调用。这会一直响应invalid_token。

那么，为什么GET请求中的标记几乎立即无效我保存并将访问令牌打印到页面上？我是否调用错误的URI或提供错误的参数？访问令牌是JUST创建的，但我得到的回应是我看到的，其中包括状态代码，ReasonPhrase，RequestMessage，头信息和内容： 未经授权 - 未经授权 - 方法：GET，RequestUri：' https：//www.googleapis。 com / consumersurveys / v2 / surveys？key = {MY_API_KEY}'，Version：1.1，Content：，Headers：{Accept：application / json Authorization：Bearer abcdefghijklmnopqrstuvqxyz123456789} - Vary：X-Origin，Origin，Accept-编码X-Content-Type-Options：nosniff X-Frame-Options：SAMEORIGIN X-XSS-Protection：1; mode = block备用协议：443：quic Alt-Svc：quic =：443; MA = 2592000; v =36,35,34,33,32,31,30,29,28,27,26,25传输编码：分块Accept-Ranges：无Cache-Control：max-age = 0，私有日期：星期五，2016年7月15日18:10:37 GMT服务器：GSE WWW-Authenticate：持有者realm =https://accounts.google.com/，error = invalid_token - System.Net.Http.StreamContent

打印在Google页面上的Google Access令牌：abcdefghijklmnopqrstuvqxyz123456789

我所要做的只是对Google API进行授权调用，并按顺序要做到这一点，我必须提出GET请求并指定我的API密钥，并提供访问令牌（与打印的令牌相匹配），但是当我这样做时，它会显示invalid_token和未授权的令牌。为什么它会一直说这个？

这个问题是我另一个问题的扩展： GET调用Google API响应未授权

我认为问题在于访问令牌（我通过Postman验证）需要更多范围才能完全验证我的身份，这很有意义，因为此API包含我试图访问的调查，这些调查也与Google帐户关联。

有关向C＃代码添加范围的更多信息，请访问： http://www.oauthforaspnet.com/providers/google/

这里也回答了这个问题：为什么只有OAuth 2.0 Playground访问令牌适用于G oogle API？

Scenario:

1. Created a Google+ Sign-On button for the user to log in. This works.

2. Saved the access token and printed it out on the index/home page to make sure an access token actually exists. This works.

3. Attempt to use that same token to authorize the user account (mine in this case) to make AUTHORIZED calls to the Google APIs. This keeps responding with "invalid_token".

So, why is the token invalid for the GET request made almost immediately after I save and print out the access token to the page? Am I calling the wrong URI or providing the wrong parameters? The access token was JUST created but the response I get below is what I see, which includes the Status Code, ReasonPhrase, RequestMessage, Headers, and Content:

Google Response: Unauthorized - Unauthorized - Method: GET, RequestUri: 'https://www.googleapis.com/consumersurveys/v2/surveys?key={MY_API_KEY}', Version: 1.1, Content: , Headers: { Accept: application/json Authorization: Bearer abcdefghijklmnopqrstuvqxyz123456789 } - Vary: X-Origin, Origin, Accept-Encoding X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Alternate-Protocol: 443:quic Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32,31,30,29,28,27,26,25" Transfer-Encoding: chunked Accept-Ranges: none Cache-Control: max-age=0, private Date: Fri, 15 Jul 2016 18:10:37 GMT Server: GSE WWW-Authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token - System.Net.Http.StreamContent

Google Access Token printed on page: abcdefghijklmnopqrstuvqxyz123456789

All I am simply trying to do is make authorized calls to Google APIs and in order to do that I have to make a GET request and specify my API KEY, and provide an access token (which matches the printed token) but when I do this it says invalid_token and unauthorized. Why does it keep saying this?

This question is an extension of my other question: GET call to a Google API responds with "Unauthorized"

解决方案

I believe the issue is that the access token (which I verified through Postman) required more scopes to authenticate me fully, which makes sense since this API contains surveys that I am trying to access, which are also linked to a Google account.

More info on adding scopes to C# code can be found here: http://www.oauthforaspnet.com/providers/google/

This is also answered here: Why do only OAuth 2.0 Playground access tokens work for Google API?

这篇关于为什么这个访问令牌立即失效？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！