Google的oauth端点正在返回“错误请求”......但为什么呢？ [英] Google's oauth endpoint is returning a 'Bad Request'... but why?

问题描述

在 https://accounts.google.com/o/oauth2/token ，我决定问为什么这段代码无法获得服务器的错误请求响应......

After a lot of time wasted googling for the possible reasons for a 'Bad Request' when requesting for a token at https://accounts.google.com/o/oauth2/token, I decided to ask why this code can't obtain nothing but a 'bad request' response from the server...

String url = "https://accounts.google.com/o/oauth2/token";
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
con.setChunkedStreamingMode(0);
con.setRequestMethod("POST");
con.setRequestProperty("Host", "accounts.google.com");
con.setRequestProperty("Content-Type",
        "application/x-www-form-urlencoded");
con.setRequestProperty("code", authCode);
con.setRequestProperty("client_id",
        "[CLIENT_ID]");
con.setRequestProperty("client_secret", "[CLIENT_SECRET");
con.setRequestProperty("redirect_uri",
        "http://localhost:8080/login");
con.setRequestProperty("grant_type", "authorization_code");

// Send post request
con.setDoOutput(true);

我必须设置 con.setChunkedStreamingMode（0）因为服务器返回了与内容长度相关的错误。

I did have to set con.setChunkedStreamingMode(0) because the server was returning an error related to content length.

有什么想法吗？
是否有必要将有效载荷放在一行？怎么样？

Any ideas? Could it be necessary to put the payload in a single line? how?

推荐答案

我认为HTTP 400（错误请求）的原因是你发送代码， client_id ， client_secret ， grant_type 和 redirect_uri 作为HTTP请求标头，您需要将它们作为HTTP POST请求正文中的查询参数发送（根据 Google OAuth2InstalledApp docs 。

I believe the reason for the HTTP 400 (Bad Request) is you are sending code, client_id, client_secret, grant_type, and redirect_uri as HTTP request headers where you need to be sending them as query parameters in the body of the HTTP POST request (according to the Google OAuth2InstalledApp docs).

查看使用java.net.URLConnection来触发和处理HTTP请求以获取如何发送HTTP POST的一个很好的示例。您需要获取代码， client_id 等，并将它们作为查询字符串写入正文：

Take a look at Using java.net.URLConnection to fire and handle HTTP requests for a good example of how to send the HTTP POST. You'll need to take code, client_id, etc. and write them as a query string in the body:

// partial example only: only code and client_id are included
String query = String.format("code=%s&client_id=%s", code, client_id);  
OutputStream out = con.getOutputStream();
out.write(query.getBytes("UTF-8"));

从Google OAuth2文档中，示例HTTP POST请求可能如下所示：

From the Google OAuth2 documentation, a sample HTTP POST request might look something like this:

POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded

code=4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu&
client_id=8819981768.apps.googleusercontent.com&
client_secret={client_secret}&
redirect_uri=https://oauth2-login-demo.appspot.com/code&
grant_type=authorization_code

这篇关于Google的oauth端点正在返回“错误请求”......但为什么呢？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！