What causes intermittent Invalid Grant


Problem description


I'm getting the following

{
  "error" : "invalid_grant"
}
    at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:103)
    at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:303)
    at com.google.api.client.googleapis.auth.oauth2.GoogleRefreshTokenRequest.execute(GoogleRefreshTokenRequest.java:130)

This only happens in my production Appengine instance (i.e. not on the dev server), and it only happens for the email address that I use for testing on both dev and production.

My working hypothesis is that it is something to do with the user being granted a refresh-token on the dev server which is somehow interfering with the stored refresh-token on the prod server.

Can anybody confirm this explanation, and is there a best practice on how to deal with this exception?

Solution

Currently only the last 25 refresh tokens granted by Google work. We basically keep a queue of size 25 of generated refresh tokens.

That means that on your testing account, if you happened to generate more than 25 refresh tokens, the older ones will start to be revoked.

Maybe that is what is happening here, so I wanted to point this out: it could be that you generated more than 25 refresh tokens on your dev server with your test account and the token that was in prod got dropped (because there are 25 newer ones).

That is something that is not documented about our authentication servers and as such be aware that it could change anytime.

In general when this exception happens you need to make the user go through a new OAuth 2.0 flow in order to get a new refresh token.
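One way to apply the advice above with the google-api-java-client classes from the stack trace. This is an added example, not code from the question or the answer. `RefreshHandler`, `TokenStore` and `ReauthorizationRequiredException` are hypothetical names: the sketch treats `invalid_grant` as a rejected refresh token, discards the stored copy, and signals the caller to restart the OAuth 2.0 flow.

```java
import com.google.api.client.auth.oauth2.TokenResponseException;
import com.google.api.client.googleapis.auth.oauth2.GoogleRefreshTokenRequest;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import java.io.IOException;

public class RefreshHandler {
  /** Hypothetical per-user refresh-token persistence (e.g. backed by the datastore). */
  public interface TokenStore {
    String load(String userId);
    void delete(String userId);
  }

  /** Hypothetical signal: the caller must redirect the user to the consent screen. */
  public static class ReauthorizationRequiredException extends Exception {
    public ReauthorizationRequiredException(String userId, Throwable cause) {
      super("Refresh token unusable for user " + userId, cause); // never log the token
    }
  }

  private final HttpTransport transport;
  private final JsonFactory json;
  private final String clientId, clientSecret;
  private final TokenStore store;

  public RefreshHandler(HttpTransport transport, JsonFactory json,
                        String clientId, String clientSecret, TokenStore store) {
    this.transport = transport; this.json = json;
    this.clientId = clientId; this.clientSecret = clientSecret; this.store = store;
  }

  public String freshAccessToken(String userId)
      throws IOException, ReauthorizationRequiredException {
    String refreshToken = store.load(userId);
    if (refreshToken == null) throw new ReauthorizationRequiredException(userId, null);
    try {
      return new GoogleRefreshTokenRequest(
          transport, json, refreshToken, clientId, clientSecret).execute().getAccessToken();
    } catch (TokenResponseException e) {
      // getDetails() is null when the error body could not be parsed.
      if (e.getDetails() != null && "invalid_grant".equals(e.getDetails().getError())) {
        store.delete(userId); // retrying a rejected token will not succeed
        throw new ReauthorizationRequiredException(userId, e);
      }
      throw e; // other token errors are not fixed by re-consent
    }
  }
}
```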
