从 Android 获取 Google oauth 授权令牌-返回无效范围/未知错误 [英] getting Google oauth authorization token from Android- return with invalid_scope/ Unknown error

问题描述

我尝试使用 Google oauth 对我的 Android 应用程序上的用户进行身份验证.然后我想将它发送到我的应用服务器，以便它可以随时与 Google 日历连接.

I try to use Google oauth to authenticate users on my android app. Then I would like to send it to my app server so it can connect at any time with Google calendar.

我尝试使用GoogleAuthUtil.getToken(getApplicationContext(), mAccountName, mScope);

按照这篇文章:https://developers.google.com/accounts/docs/CrossClientAuth

当我使用范围时mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.个人资料";我得到一个令牌，有效期为一个小时

When I use it with scope mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"; I get a token, which is valid for an hour

但是当我尝试获取授权码时(因此我可以获得一个有效期更长的刷新令牌，使用mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";

But when I try to get an authorization code (so I can get a refresh token that is valid for longer time, using mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";

我收到invalid_scope"或Unknown"异常.

I receive either "invalid_scope" or "Unknown" exceptions.

我做错了什么?

好的，在 google API 控制台上创建新应用程序并将 plus.login 添加到范围后，我得到了一个代码，但由于某种原因，我的服务器无法解析此令牌.当绑定到解析服务器时，会收到有关重定向 URL 的错误.顺便说一句，当我使用相同的参数进行网络流程时，它可以工作.

OK, After creating a new app on google API console and adding plus.login to the scope I get a code, but for some reason my server can't resolve this token. When tying to resolve server gets an error about the redirection URL. BTW, When I do the web flow with same parameters it works.

推荐答案

好的，找到了解决方案，我希望 Google 有更多关于使用 Google Oauth 和 Android 的更好的文档.使用 Android 和离线令牌必须了解的一些事项

OK, found the solution, I expected Google to have a lot better documentation about working with Google Oauth and Android. A few things you have to know to work with Android and offline token

1. 当您创建 google Client ID 时不要在创建 Web 应用程序之前创建服务应用程序

1. When you create google Client ID Don't create a service application before you create a web application

必须包括 https://www.googleapis.com/auth/plus.login 在你的范围内

Must include https://www.googleapis.com/auth/plus.login in your scope

最奇怪的是，要解析服务器上的一次性授权代码，我必须使用来自 Android 客户端 ID 详细信息(甚至看起来不像 url)而不是来自 Web 客户端的重定向 URLGoogle API 控制台上的详细信息.

The weirdest, to resolve the one time authorization code on my server, I had to use the redirection URL from the Android client ID details (which doesn't even look like a url) and not from the Web client details on Google API console.

这篇关于从 Android 获取 Google oauth 授权令牌-返回无效范围/未知错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！