Google API HTTP 401 - 令牌无效 - AuthSub 令牌的范围错误 [英] Google API HTTP 401 - Token invalid - AuthSub token has wrong scope

问题描述

在通过 C# 应用程序向 Google 网站 API 发送发布请求时，我在使用 google api 方面苦苦挣扎了几天.

I'm struggling with google api for a few days while sending a post request to Google sites API via C# application.

首先我通过 GET 请求从谷歌的服务器上兑换授权码:

First I redeem the authorization code from google's servers by a GET request:

    https://accounts.google.com/o/oauth2/auth?
    scope=email%20profile&
state=security_token%3D138r5719ru3e1%26url%3Dhttps://oa2cb.mydomain/myHome&
    redirect_uri=http://localhost&
    response_type=code&
    client_id= // CLIENT ID here...
    access_type=online&
    approval_prompt=auto

在重定向 uri 中，我获得了用于声明访问令牌:

In the redirect uri I got the authorization code which I use to claim the access token:

string RequestUrl;

            RequestUrl = "https://www.googleapis.com/oauth2/v3/token";
            WebRequest request = WebRequest.Create(RequestUrl);
            request.Method = "POST";

            // Create POST data and convert it to a byte array.
            string postData = "code=4/aPJAhLvlGLxw1fjKDCOpEQjfoVtNDZYq7FzvrziUero#&" +
                "client_id=//cilent id here&" +
                "client_secret=client secret here&" +
                "redirect_uri=http://localhost&" +
                "grant_type=authorization_code";
            byte[] byteArray = Encoding.UTF8.GetBytes(postData);
            request.ContentType = "application/x-www-form-urlencoded";
            request.ContentLength = byteArray.Length;
            Stream dataStream = request.GetRequestStream();
            dataStream.Write(byteArray, 0, byteArray.Length);
            dataStream.Close();
            WebResponse response = request.GetResponse();
            Console.WriteLine(((HttpWebResponse)response).StatusDescription);
            dataStream = response.GetResponseStream();
            StreamReader reader = new StreamReader(dataStream);
            string responseFromServer = reader.ReadToEnd();
            Console.WriteLine(responseFromServer);
            reader.Close();
            dataStream.Close();
            response.Close();

包含令牌的响应如下所示:

The response containing the token looks like that:

{
 "access_token": "ya29.pAGX8f4e0ZyBazzq5rxWVS6lL1jRyj0_GCog5UEO3FiGT2h4cj10jee4ziAoA09vHRoVejN5p7Iw",
 "token_type": "Bearer",
 "expires_in": 3600,
 "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjE2NWQ2MzcwZTgzOTI5YmE4Y2E4ZWU5OTMzZTExZjg2Yzg4YzAwNjUifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTA1OTc0NjQwMTUzNzU0NjU1MDE5IiwiYXpwIjoiOTkwMzUxMjA1MzY4LXBudGYxZXNtaXQ3a3Zlbmg5cnRvbW5pMmdhMmY0N2ZsLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZW1haWwiOiJuaXIuazFAaGFpZmFuZXQub3JnLmlsIiwiYXRfaGFzaCI6Imc5MU5wOVRYS2JUaVEzcFpTM2Ewa1EiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXVkIjoiOTkwMzUxMjA1MzY4LXBudGYxZXNtaXQ3a3Zlbmg5cnRvbW5pMmdhMmY0N2ZsLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiaGQiOiJoYWlmYW5ldC5vcmcuaWwiLCJpYXQiOjE0MzU4MjI2ODAsImV4cCI6MTQzNTgyNjI4MH0.CeaQ8S3GG-yeAwqjU1ixdB7ro2SVKp2QdVTXNWl6196oJeQU1LFLpZ9FtrpNEGSDKHXrO5zx0ldE52RYw8TwMKILUqqCHLOewVJQMjZ6tiPzt-b-qeUta6Op4Z9HerwkMK2sofl88G-XZ6jKc7gk1gGPVcATBU7x0-QPRhQxmDUzP7zceVeoOtBD8g7liVHakK9sA5RNonGt-N6SvzECqhSLss7kDuXc4dStnENhyv_9oTIpvVsQplE-cJz7fDHC7mkW7BfwsgKBE8XbruBz5-o3AG5RVGyUTYqDaoq9qr3_NqckiRISUS127scaYwcYPE22Q8L_2AnpfJU0vuxo6g"
}

最后一步是使用 access_token 调用 google api这样:

And the final step is to call the google api using the access_token this way:

 HttpWebRequest req = (HttpWebRequest)System.Net.WebRequest.Create("https://sites.google.com/feeds/site/mydomain");
        req.ContentType = "application/atom+xml";
        req.Host = "sites.google.com";
        req.Method = "POST";
        req.Headers["Gdata-version"] = "1.4";
        req.Headers["Authorization"] = "Bearer ya29.pAGX8f4e0ZyBazzq5rxWVS6lL1jRyj0_GCog5UEO3FiGT2h4cj10jee4ziAoA09vHRoVejN5p7Iw";

        byte[] bytes = System.Text.Encoding.ASCII.GetBytes("<entry xmlns='http://www.w3.org/2005/Atom' xmlns:sites='http://schemas.google.com/sites/2008'><title>Source Site</title><summary>A new site to hold memories</summary><sites:theme>slate</sites:theme></entry>");
        req.ContentLength = bytes.Length;

        using (Stream os = req.GetRequestStream())
        {
            os.Write(bytes, 0, bytes.Length);
        }

        try
        {
            using (System.Net.WebResponse resp = req.GetResponse())
            {

                using (System.IO.StreamReader sr = new System.IO.StreamReader(resp.GetResponseStream()))
                {
                    string i = sr.ReadToEnd().Trim();
                }
            }
        }
        catch (WebException ex)
        {
            using (var stream = ex.Response.GetResponseStream())
            using (var reader = new StreamReader(stream))
            {
                Console.WriteLine(reader.ReadToEnd());
            }
        }

但是在这一步结束时，我收到了 401 http 错误.

But at the end of this step I get a 401 http error.

Token invalid - AuthSub token has wrong scope

我做错了什么?提前致谢

What am I doing wrong? Thanks in advance

推荐答案

您正在使用以下范围对您的用户进行身份验证

you are authenticating your users using the following scopes

scope=email%20profile&

scope=email%20profile&

站点数据 API 使用以下范围:https://sites.google.com/feeds/.

The Sites Data API uses the following scope: https://sites.google.com/feeds/.

这篇关于Google API HTTP 401 - 令牌无效 - AuthSub 令牌的范围错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！