为什么只有OAuth 2.0 Playground访问令牌适用于Google API? [英] Why do only OAuth 2.0 Playground access tokens work for Google API?
问题描述
我已经使用以下信息创建了OAuth 2.0 Playground访问令牌: 选择&授权API: https://www.googleapis.com/auth/consumersurveys https://www.googleapis.com/auth/userinfo.email
但是,当我使用Postman创建访问令牌时,或者从AspNetUserClaims表中检索它们时,这些访问令牌不起作用。
示例#1:我在Postman中为Google获取访问令牌,并将其添加到Header(对于承载和令牌显示复选标记)。我按Postman发送,它返回Invalid_Credentials。如果令牌过期或无效,我将其删除并在头中创建一个新的令牌。仍然失败。
POSTMAN信息:
验证网址:https://accounts.google.com/o/oauth2/auth
访问令牌网址:https://accounts.google.com/o/oauth2/token
客户端ID:隐藏
客户端隐藏:隐藏
范围:https:// www。 googleapis.com/auth/userinfo.email
授予类型:授权码
检查本地请求访问令牌。
示例2:我使用我的开发站点上的Google Sign-On按钮生成访问令牌然后存储在AspNetuserClaims表中。我将该访问令牌复制到Postman(也出现复选标记)并按发送,并且它还返回Invalid_Credentials。如果令牌过期,我从所有AspNet用户表中删除新创建的帐户和访问令牌,然后再次尝试。仍然失败。
为什么这只能在Postman中使用OAuth 2.0 Playground令牌?它们都是通过邮递员令牌向导或新注册的用户帐户或OAuth2.0 Playground向导新产生的令牌,但只有OAuth2.0 Playground令牌实际上可以工作...
我相信这个问题是Postman中的访问令牌需要更多的范围来完全验证我的身份,这很有意义,因为此API包含我试图访问的调查,这些调查也与Google帐户相关联。这只在我添加consumerurveys.readonly作用域(使用A SPACE)以及userinfo.email作用域之后才开始工作,如下所述。
单独使用SCOPE SETTING并没有做到这一点, t工作:
https://www.googleapis.com/auth/userinfo.email
此范围设置对此API DID具有更多权限!
https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/consumersurveys.readonly
有关将范围添加到C#代码的更多信息,请访问: http://www.oauthforaspnet.com/providers/google/
希望这可以帮助那些遇到类似问题的其他人。
I have created OAuth 2.0 Playground access tokens using the following info:
Select & Authorize APIs: https://www.googleapis.com/auth/consumersurveys https://www.googleapis.com/auth/userinfo.email
This works (for me it returns a list of surveys I had created previously).
However, when I create access tokens using Postman OR retrieve them from AspNetUserClaims table those access tokens don't work.
Example #1: I get an access token in Postman for Google and add it to the Header (a checkmark appears for Bearer and token). I press Send in Postman and it returns "Invalid_Credentials". In case the token is expired or invalid, I delete it and create a new one to use in the header. Still fails.
POSTMAN info:
Auth URL: https://accounts.google.com/o/oauth2/auth
Access Token URL: https://accounts.google.com/o/oauth2/token
Client ID: hidden
Client Secret: hidden
Scope: https://www.googleapis.com/auth/userinfo.email
Grant Type: Authorization Code
Request access token locally is checked.
Example #2: I use the Google Sign-On button on my dev site which generates an access token that is then stored in the AspNetuserClaims table. I copy that access token into Postman (a checkmark appears also) and press Send and it also returns "Invalid_Credentials". In case the token is expired, I delete the newly created account and access token from all the AspNet user tables and try it again. Still fails.
Why is this only working with OAuth 2.0 Playground tokens in Postman? They are all newly generated tokens through the Postman token wizard or newly registered user accounts or the OAuth2.0 Playground wizard, but only the OAuth2.0 Playground tokens actually work...
Figured this out.
I believe the issue was that the access token in Postman required more scopes to authenticate me fully, which makes sense since this API contains surveys that I am trying to access, which are also linked to a Google account. This started working only after I added the consumersurveys.readonly scope (using A SPACE) along with the userinfo.email scope, as outlined below.
This SCOPE SETTING alone didn't work: https://www.googleapis.com/auth/userinfo.email
This SCOPE SETTING with more permission to this API DID work! https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/consumersurveys.readonly
More info on adding scopes to C# code can be found here: http://www.oauthforaspnet.com/providers/google/
Hope this helps anyone else out there who runs into a similar issue.
这篇关于为什么只有OAuth 2.0 Playground访问令牌适用于Google API?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
