Google OAuth 2和状态参数值需要在重定向网址中注册 [英] Google OAuth 2 and state parameter values need to be registered in redirect url

问题描述

根据Google Oauth 2.0文档的状态参数:

The state parameter according to the Google Oauth 2.0 docs:

表示收到响应后可能对您的应用程序有用的任何状态. Google授权服务器会往返传递此参数，因此您的应用程序会收到与发送的值相同的值.可能的用途包括将用户重定向到您网站中的正确资源，随机数和跨站点请求伪造缓解措施.

Indicates any state which may be useful to your application upon receipt of the response. The Google Authorization Server roundtrips this parameter, so your application receives the same value it sent. Possible uses include redirecting the user to the correct resource in your site, nonces, and cross-site-request-forgery mitigations.

我想使用state参数作为一种方法，以了解原始oauth请求是从哪个子域发起的.但是redirect_state参数似乎需要注册为授权重定向URI"之一的一部分.如果没有，我得到:

I'd like to use the state parameter as a means to know which subdomain the original oauth request was initiated from. But the redirect_state parameter appears to need to be registered as part of one of the "Authorized Redirect URIs". If not, I get:

错误:redirect_uri_mismatch 请求中的重定向URI: http://my_server.com/complete/google-oauth2/?redirect_state = 2 与注册的重定向URI不匹配

Error: redirect_uri_mismatch The redirect URI in the request: http://my_server.com/complete/google-oauth2/?redirect_state=2 did not match a registered redirect URI

我想要一个不需要在授权重定向URI中注册每个可能的redirect_state值的解决方案，因为它不太容易维护.想法?

I would like a solution that does not require registering every possible redirect_state value in the authorized redirect URIs as that isn't very maintainable. Ideas?

推荐答案

参数名称为state(而不是redirect_state)！

The name of the parameter is state (and not redirect_state)!

根据Google文档的示例OAuth请求是->

A sample OAuth request according to the google documentations is ->

https://accounts.google.com/o/oauth2/auth?
scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&
state=%2Fprofile&
redirect_uri=https%3A%2F%2Foauth2-login-demo.appspot.com%2Fcode&
response_type=code&
client_id=812741506391.apps.googleusercontent.com&approval_prompt=force

请注意State参数和redirect_uri参数.我认为您将两者混为一谈.

Please note the State parameter and the redirect_uri parameter. I think you've mixed up the two.

编辑-参见Google的链接.对状态参数和建立Web请求有很好的解释.

EDIT - See this link by Google. Has good explanation about state parameters and building up the web requests.

这篇关于Google OAuth 2和状态参数值需要在重定向网址中注册的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！