“无效的JWT:观众检查失败."尝试从Google获取OAuth令牌时出错 [英] "Invalid JWT: Failed audience check." Error when trying to get OAuth Token from Google

问题描述

我正在尝试从Google获取OAuth2令牌，并不断收到以下响应:

I'm trying to get an OAuth2 token from google and keep getting this response:

{
  "error": "invalid_grant",
  "error_description": "Invalid JWT: Failed audience check. The right audience is https://www.googleapis.com/oauth2/v4/token?grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ1cGRhdGUtbG9jYXRpb24tZGF0YUB0b3RlbWljLWd1aWxkLTEyOTIyMC5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInNjb3BlIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vYXV0aC9wbHVzLmJ1c2luZXNzLm1hbmFnZSIsImF1ZCI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92NC90b2tlbiIsImlhdCI6MTQ2MzY4MjEwOSwiZXhwIjoxNDYzNjg1NjQ5fQ==.a09YUnpiY0FZZFZDUm5PaC91ZkV6ZUtJNGp4WWRWcHY3eFhHNVBXTmw2TGNjZ0JKZThTS2pENitldGNqZzFPMlRRMmNEWWx0aHBNU2k4NS9GeVhnQXdaMHRXVTVEbmcxcXFXQzFRYlp6NmNTZFNlcUt3TElGZjRLeHJCTTgxcVBmVSttQTM0dmprTGtSeEVsWC8vNGpTNDdYM0dobEk2THJOL2xOa2tXcnpEZlk2K1QrNk5OSndyTXhOaTZmcFdXQ09KVE9Gd0tVSnZjYnR1VWNLYnVXbzBqVEhqL056aHBPbkROVW1SSEpYY2JpU3VxVWdRai9PZldiR1p5bzJFK3ZtRzQ5NXdmdDdMMXJkQWdMZkZPcitpeWZVd1FneXVmZFUrRGd1dlZPOWdZSENrS1Fnd0tZb0tUbjNIU29Bcm13OE9OL0RFdkVPM2N2YjhTbFoxbjhRPT0="
}

服务帐户(我正在使用)的文档在这里: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests

The docs for the service account (which I'm using) are here: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests

他们说:

声明的预期目标的描述符.在发出访问令牌请求时，该值始终为 https://www.googleapis.com/oauth2/v4/token ."

"A descriptor of the intended target of the assertion. When making an access token request this value is always https://www.googleapis.com/oauth2/v4/token."

因此，当我形成我的索赔集时，它看起来像这样:

So when I form my Claim Set, it looks like this:

{"iss":"********.iam.gserviceaccount.com","scope":"https://www.googleapis.com/auth/plus.business.manage","aud":"https://www.googleapis.com/oauth2/v4/token","iat":1463683812,"exp":1463687352}

有人知道导致我的听众检查失败的原因是什么，我应该使用该值吗?

Does anyone know what might be causing my audience check to fail and what I should be using as that value? Is it possible that other parts of my Token request are incorrect and it just says my audience check is failing?

推荐答案

好像您的客户端代码将参数作为查询参数(而不是必需的POST参数)传递给令牌端点.

Looks like your Client code is passing the parameters to the token endpoint as query parameters instead of the required POST parameters.

这篇关于“无效的JWT:观众检查失败."尝试从Google获取OAuth令牌时出错的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！