Google API Oauth2 刷新令牌错误请求 400 [英] Google API Oauth2 Refresh token bad request 400

问题描述

在通过 Xamarin C# 使用 Google API 刷新现有令牌时遇到问题.我想我的代码有问题，但我找不到什么.

having an issue refreshing an existing token by using the Google API with Xamarin C#. I guess something is wrong with my code, but I cannot find what.

(注意:我在 & 处添加了换行符以使请求更具可读性.希望每个人都能对此感到满意.)

(Note: I added newline characters at the & to make the requests more readable. Hope everyone will be cool with that.)

请求身份验证 URI

https://accounts.google.com/o/oauth2/v2/auth?
scope=https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/calendar.events&
include_granted=true&
response_type=code&
redirect_uri=com.googleusercontent.apps.MYOAUTHCLIENTID:/oauth2redirect&
client_id=MYOAUTHCLIENTID.apps.googleusercontent.com&
access_type=offline

重定向 URI

com.googleusercontent.apps.MYOAUTHCLIENTID:/oauth2redirect

响应验证码

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

请求令牌 URI

https://oauth2.googleapis.com/token?
code=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&
redirect_uri=com.googleusercontent.apps.MYOAUTHCLIENTID:/oauth2redirect&
client_id=MYOAUTHCLIENTID.apps.googleusercontent.com&
grant_type=authorization_code

响应令牌

{
  "access_token": "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY",
  "expires_in": 3599,
  "refresh_token": "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
  "scope": "https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/calendar.events",
  "token_type": "Bearer"
}

现在我可以使用access_token"了在我的 HTTP 标头请求中，并且可以毫无问题地使用日历.我也可以撤销令牌，但不能刷新它.

Now I can use the "access_token" in my HTTP header requests and work with the calendar without problems. I also can revoke the token, but not refreshing it.

尝试刷新令牌

var dict = new Dictionary<string, string>();
dict.Add("Content-Type", "application/x-www-form-urlencoded");
var contentHeader = new FormUrlEncodedContent(dict);

HttpClient refreshTokenClient = new HttpClient();

// Doing this because someone wrote that this helped in his case. Did not help :/
System.Net.ServicePointManager.SecurityProtocol |=
    SecurityProtocolType.Tls12 |
    SecurityProtocolType.Tls11 |
    SecurityProtocolType.Tls;

// uriTokenRequest has the type URI with this value
// {https://oauth2.googleapis.com/token?
// code=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&
// client_id=MYOAUTHCLIENTID.apps.googleusercontent.com&
// grant_type=refresh_token&
// refresh_token=ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ}

using (var result = await refreshTokenClient.PostAsync(uriTokenRequest, contentHeader))
    if (result.IsSuccessStatusCode) // This will be FALSE
    {
        ...
    }

回复

{StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Accept-Ranges: none
  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
  Cache-Control: no-store, must-revalidate, no-cache, max-age=0
  Date: Sun, 11 Jul 2021 13:46:09 GMT
  Pragma: no-cache
  Server: scaffolding
  Server: on
  Server: HTTPServer2
  Transfer-Encoding: chunked
  Vary: X-Origin
  Vary: Referer
  Vary: Origin
  Vary: Accept-Encoding
  X-Android-Received-Millis: 1626011170088
  X-Android-Response-Source: NETWORK 400
  X-Android-Selected-Protocol: http/1.1
  X-Android-Sent-Millis: 1626011170050
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-XSS-Protection: 0
  Content-Type: application/json; charset=utf-8
  Expires: Mon, 01 Jan 1990 00:00:00 GMT
}}

Google API 文档 https://developers.google.com/identity/protocols/oauth2/native-app#offline 确实提到了client_secret".但是使用 response_type code"我从来没有收到过这样的.我已经阅读了很多次文档，以至于我对它视而不见.

The Google API documentation https://developers.google.com/identity/protocols/oauth2/native-app#offline does say about a "client_secret". But with the response_type "code" I never received such. I've read the documentation now so many times that I am blind to it.

或者代码"不需要令牌刷新?

Or does "code" not require a token refresh?

有什么想法吗?

代码"确实需要令牌刷新，因为令牌确实过期了，因为结果属性expires_in"不存在.已经告诉了.

"code" does require a token refresh, since the token does expire, as the result property "expires_in" already tell.

编辑 2:正如 Cherry Bu - MSFT 建议我查看 Xamarin.Auth 源代码并发现一些差异，我对其进行了改编.不幸的是，我仍然无法成功.这是我最近的尝试:

EDIT 2: As by Cherry Bu - MSFT suggested I peeked at the Xamarin.Auth source code and found some differences, that I adapted. Unfortunately I am still not able to succeed. This is my latest try:

var queryValues = new Dictionary<string, string>();
//queryValues.Add("Content-Type", "application/x-www-form-urlencoded");
queryValues.Add("client_id", Constants.OAuthClientId);
queryValues.Add("code", _authenticationCode);
queryValues.Add("refresh_token", _refresh_token);
queryValues.Add("grant_type", "refresh_token");

var httpContent = new FormUrlEncodedContent(queryValues);

HttpClient refreshTokenClient = new HttpClient();

//if (!string.IsNullOrEmpty(_accessToken) && !string.IsNullOrEmpty(_accessTokenType))
//{
//    refreshTokenClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(_accessTokenType, _accessToken);
//}

using (var response = await refreshTokenClient.PostAsync("https://accounts.google.com/o/oauth2/token", httpContent).ConfigureAwait(false))
{
    if (response.IsSuccessStatusCode) --> This will be false
    {
        ...
    }
}

推荐答案

已修复.2 个问题:

1 DefaultRequestHeader 不起作用.

1 The DefaultRequestHeader did not work.

HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(GoogleOAuth.AccessToken, GoogleOAuth.AccessTokenType);

即使对象本身看起来不错，它也不起作用.我用那个替换了它:

Even when the object itself did look alright it did not work. I replaced it with that:

HttpClient client = new HttpClient();
var requestMessage = new HttpRequestMessage(HttpMethod.Post, calenderUri);
requestMessage.Headers.Authorization = new AuthenticationHeaderValue(GoogleOAuth.AccessTokenType, GoogleOAuth.AccessToken); // both are strings. ("Bearer", "yaa...")
requestMessage.Content = data;
var response = await client.SendAsync(requestMessage);

if (!response.IsSuccessStatusCode)
{
string content = await response.Content.ReadAsStringAsync();
throw new Exception(content);
}

之后我只需要再做一件事

After that I only had to do one more thing

2 删除了代码"；和client_secret"从请求数据.结果:

2 Removed "code" and "client_secret" from the request data. The result:

using (HttpClient client = new HttpClient())
{
    var googleData = new Dictionary<string, string>();
    googleData.Add("client_id", GoogleOAuth.ClientId);
    googleData.Add("refresh_token", GoogleOAuth.RefreshToken);
    googleData.Add("grant_type", "refresh_token");

    var data = new FormUrlEncodedContent(googleData);

    var requestMessage = new HttpRequestMessage(HttpMethod.Post, Constants.GoogleTokenUri);
    requestMessage.Headers.Authorization = new AuthenticationHeaderValue(GoogleOAuth.AccessTokenType, GoogleOAuth.AccessToken);
    requestMessage.Content = data;
    var response = await client.SendAsync(requestMessage);

    if (response.IsSuccessStatusCode)
    {
        // do something
    }
}

几个星期以来，我试图让它运行，但几乎是疯狂.希望这能拯救某人的神经.

For weeks I tried to get it running and was close to insanity. Hope this saves someones nerves.

这篇关于Google API Oauth2 刷新令牌错误请求 400的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！