Google客户端JWT无效：令牌必须是短期令牌 [英] Google Client Invalid JWT: Token must be a short-lived token

问题描述

我使用 Google的php api客户端。我正在浏览服务帐户的快速入门指南 。我完全遵循了这些步骤（据我所知）。我遇到了以下错误：

I am using Google's php api client. I am running through the quickstart guide for service accounts. I followed the steps perfectly (as far as I can tell). I am running into the following error:

{
   "error": "invalid_grant",
   "error_description": "Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values and use a clock with skew to account for clock differences between systems."
}

从我读过的这个错误中最常见的问题是如果系统时间是错误的。我有三重检查，我的时区和日期和时间与原子钟同步。我使用php设置时区功能来设置我的时区以匹配我的电脑，但我仍然得到错误。我正在研究消息的其他部分，提到iat和exp设置，并且还没有到任何地方。

From what I have read the most common problem with this error is if the system time is wrong. I have triple checked that my timezone and date and time are synced with the atomic clock. I used php set timezone function to set my timezone to match my computer, but I continue to get the error. I am looking into the other part of the message that mentions the iat and exp settings, and haven't gotten anywhere yet.

有没有人有任何想法通过这个？

Does anyone have any ideas of how I can get past this?

推荐答案

Invalid_grant 错误有两个常见原因。

Invalid_grant error has two common causes.

1. 您的服务器时钟与 NTP 。 （解决方案：检查服务器时间，如果它的错误解决了它。）


2. 已超出刷新令牌限制。 （解决方案：没有办法，他们无法使用更多刷新令牌）应用程序可以请求多个刷新令牌。例如，这在用户想要在多台机器上安装应用程序的情况下非常有用。在这种情况下，需要两个刷新标记，每个安装一个。当刷新令牌的数量超过限制时，旧令牌变为无效。如果应用程序尝试使用无效的刷新令牌，则返回invalid_grant错误响应。每个唯一一对OAuth 2.0客户端的限制是25个刷新令牌（请注意，此限制可能会发生变化）。如果应用程序继续为相同的客户端/帐户对请求刷新令牌，则一旦发出第26个令牌，以前发出的第1个刷新令牌就会失效。第二十七个请求刷新令牌会使第二个先前发放的令牌失效，等等。

1. Your server’s clock is not in sync with NTP. (Solution: check the server time if its incorrect fix it. )
2. The refresh token limit has been exceeded. (Solution: Nothing you can do they cant have more refresh tokens in use) Applications can request multiple refresh tokens. For example, this is useful in situations where a user wants to install an application on multiple machines. In this case, two refresh tokens are required, one for each installation. When the number of refresh tokens exceeds the limit, older tokens become invalid. If the application attempts to use an invalidated refresh token, an invalid_grant error response is returned. The limit for each unique pair of OAuth 2.0 client and is 25 refresh tokens (note that this limit is subject to change). If the application continues to request refresh tokens for the same Client/Account pair, once the 26th token is issued, the 1st refresh token that was previously issued will become invalid. The 27th requested refresh token would invalidate the 2nd previously issued token and so on.

这篇关于Google客户端JWT无效：令牌必须是短期令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！