参数“州必须在查询字符串中设置结果，我该怎么办 [英] the parameter " state " must be set in query string in result what should i do further

问题描述

我做了一个智能家居Google动作连接。关联到并授权给Google Home的网络应用。

I did a smart home google action connection. web app to google home linked and authorized.

我遵循了Google的智能家居操作。那里需要状态。状态是什么？

I followed the smart home google action. there needed the state. What is the state?

下面给出的字符串是授权示例，但我不知道状态字符串

the given below string is an example to authorize but I do not know about state string

从哪里添加状态字符串，它的用途是什么？

from where I add state string and what is the purpose of it?

GET https://myservice.example.com/auth?client_id=GOOGLE_CLIENT_ID&redirect_uri=REDIRECT_URI&state=STATE_STRING&response_type=token

推荐答案

您应该从Google在URL参数中发送身份验证端点的参数中获得状态。

You should get the state from the parameters that Google sends your auth endpoint in URL parameters.

如果您使用隐式流，则这些参数为：

If you're using the implicit flow, those parameters are:

• client_id -您分配给Google的客户端ID。


• redirect_uri -您将对此请求的响应发送到的URL。


• state -簿记值，该值在重定向中保持不变URI。


• response_type -响应中返回的值的类型。对于OAuth 2.0隐式流，响应类型始终为令牌。

• client_id - The client ID you assigned to Google.
• redirect_uri - The URL to which you send the response to this request.
• state - A bookkeeping value that is passed back to Google unchanged in the redirect URI.
• response_type - The type of value to return in the response. For the OAuth 2.0 implicit flow, the response type is always "token".

如果您使用的是auth代码流，则会得到类似的参数，但是 response_type 的值将是 code。

If you're using the auth code flow, you'll get similar parameters, but the value of response_type will be "code".

您应发送与完全相同，您获得的 state 值与您重定向到的URL中的 state 参数相同。这是OAuth安全性的一部分，用于帮助防止重播攻击并用于OAuth客户端识别要回复的请求。

You should send exactly the same value you get for state back as the state parameter in the URL you redirect to. This is part of the security of OAuth used to help prevent replay attacks and for the OAuth client to identify which request is being replied to.

这篇关于参数“州必须在查询字符串中设置结果，我该怎么办的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！