Google OAuth 2.0 inconsistent token type?


Problem description

Google says in its own OAuth 2.0 specs in accordance with the OAuth 2.0 draft (http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html#authz-header) that the authorization header should be:

Authorization: Bearer {access_token}

And indeed it works with the G+ API.

But with the Google Calendar API you need to change the Bearer to OAuth!

Authorization: OAuth {access_token}

You can try it yourself in the Google OAuth 2.0 Playground.

I have discovered this after I hit my head several times against the keyboard.

I couldn't find anything about OAuth token type anywhere. Is this an example of Google's ignorance of its own guidelines and standards, or am I missing something?

Solution

The "Authorization: OAuth" format is supported for legacy reasons; earlier drafts of OAuth 2 used this schema.

In your code you should use "Authorization: Bearer". If this is not working then let me know exactly what API (exact URL and parameters) you are trying to use.

As an example, the following works with both Bearer and OAuth:

curl --header "Authorization: Bearer XXX" "https://www.googleapis.com/calendar/v3/users/me/calendarList"
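The same behaviour seen from the server side, as an added example that is not part of the original question or answer and is not Google's code: a resource server that prefers the standard Bearer scheme, optionally tolerates the legacy OAuth scheme, and reports which one was used so legacy clients can be logged and migrated. The names `parse_authorization`, `AuthHeaderError` and `allow_legacy` are hypothetical, and the sample headers in the comments are constructed.

```python
import re

# Token syntax ("b64token") from RFC 6750 section 2.1.
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# Scheme names are compared lower-case: HTTP auth schemes are case-insensitive.
STANDARD_SCHEME = "bearer"
LEGACY_SCHEME = "oauth"  # scheme used by early OAuth 2 drafts, per the answer


class AuthHeaderError(ValueError):
    """Raised when the Authorization header cannot be accepted."""


def parse_authorization(header, allow_legacy=True):
    """Return (token, used_legacy_scheme) for an Authorization header value.

    Constructed sample inputs:
      "Bearer abc.DEF-123"        -> accepted, standard scheme
      "OAuth abc.DEF-123"         -> accepted only when allow_legacy is True
      'OAuth oauth_nonce="x"'     -> rejected: OAuth 1.0 parameters, not a token
    """
    if header is None:
        raise AuthHeaderError("missing Authorization header")

    parts = header.strip().split(None, 1)
    if len(parts) != 2:
        raise AuthHeaderError("expected '<scheme> <token>'")

    scheme, token = parts[0].lower(), parts[1].strip()
    if scheme == STANDARD_SCHEME:
        used_legacy = False
    elif scheme == LEGACY_SCHEME and allow_legacy:
        used_legacy = True
    else:
        raise AuthHeaderError("unsupported scheme: %r" % parts[0])

    # Strict token syntax keeps OAuth 1.0 style headers, which share the
    # "OAuth" scheme name but carry key="value" pairs, from being treated
    # as an OAuth 2 access token.
    if not _B64TOKEN.fullmatch(token):
        raise AuthHeaderError("token is not a valid b64token")

    return token, used_legacy
```

Setting `allow_legacy=False` gives the strict behaviour the answer recommends for new code, where only `Authorization: Bearer` is accepted.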
