“invalid_grant”/“bad request”同时获取 authcode google api 的令牌
【中文标题】“invalid_grant”/“bad request”同时获取 authcode google api 的令牌【英文标题】:"invalid_grant" / "bad request" while getting tokens for authcode google api 【发布时间】:2022-01-16 23:52:00 【问题描述】:我正在尝试将 google 日历集成到我的应用中,但收到 error: 'invalid_grant', error_description: 'Bad Request'
我一直在关注谷歌文档,并参考了相关的 *** 帖子来解决问题,但到目前为止还没有运气。我正在实施的流程如下:
生成谷歌同意网址
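// Step 1: build the Google consent URL for the web client.
const { client_secret, client_id, redirect_uris } = credentials.web;
// The redirect URI chosen here becomes part of the consent URL; the later
// token exchange has to send exactly the same value.
const oAuth2Client = new google.auth.OAuth2(
  client_id, client_secret, redirect_uris[0]
);
// NOTE(review): no `state` value is passed, so the redirect handler has
// nothing to compare the returning request against. Consider generating a
// per-session random value here and verifying it before exchanging the code.
const authUrl = oAuth2Client.generateAuthUrl({
  access_type: 'offline', // ask for a refresh token as well
  scope: SCOPES,
  prompt: 'consent',
});
console.log('Authorize this app by visiting this url:', authUrl);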
在征得用户同意后,从 URL 中提取授权码,并尝试用该授权码换取令牌
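// Step 2: exchange the authorization code from the redirect for tokens.
const { client_secret, client_id, redirect_uris } = credentials.web;
// Must be constructed with the same redirect URI that was used to build the
// consent URL, otherwise the token endpoint rejects the exchange.
const OAuthtoClient = new google.auth.OAuth2(
  client_id, client_secret, redirect_uris[0]
);
// Decode the code exactly once; an authorization code is single-use, so a
// second exchange of the same value is rejected as well.
const decoded = decodeURIComponent(code);
OAuthtoClient.getToken(decoded, (err, token) => {
  // NOTE(review): the full error object includes the request body (the
  // authorization code and the client credential fields), so logging it
  // whole copies those values into the log.
  if (err) return console.error('Error retrieving access token', err);
  // NOTE(review): this prints the access and refresh tokens; keep it to
  // local debugging and store the tokens somewhere access-controlled instead.
  console.log('Here the tokens :', token);
});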
首先我遇到了另一个错误 "error": "invalid_grant", "error_description": "Malformed auth code。" ,参考this solution解决。代码运行一次,我第一次能够生成“refresh_token and access_token”。
之后我尝试为另一个用户生成令牌,但出现以下错误error: 'invalid_grant', error_description: 'Bad Request'
我尝试了诸如重置客户端密码之类的方法,但没有成功。
我的重定向网址是 "redirect_uris": [ "https://example.com/authenticate-gcalendar", "http://localhost:3000" ]
来源网址"javascript_origins": [ "http://localhost:4000" ]
作用域const SCOPES = ['https://www.googleapis.com/auth/calendar', 'https://www.googleapis.com/auth/calendar.events'];
提前谢谢你!
这是完整的错误信息
Error retrieving access token GaxiosError: invalid_grant
at Gaxios.<anonymous> (F:\Git Clones\user-module\node_modules\gaxios\build\src\gaxios.js:73:27)
at Generator.next (<anonymous>)
at fulfilled (F:\Git Clones\user-module\node_modules\gaxios\build\src\gaxios.js:16:58)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
response:
config:
method: 'POST',
url: 'https://oauth2.googleapis.com/token',
data: 'code=4%2F0AX4XfWiJdQtBAPFLwGHm6O5fotnjqYqHUSYzgUhvFpYyeQ7CziXcd_rc1f5bKMYJaJpklg&client_id&client_secret&redirect_uri=https%3A%2F%2Fexample.com%2Fauthenticate-gcalendar&grant_type=authorization_code&code_verifier=',
headers: [Object],
params: [Object: null prototype] ,
paramsSerializer: [Function: paramsSerializer],
body: 'code=4%2F0AX4XfWiJdQtBAPFLwGHm6O5fotnjqYqHUSYzgUhvFpYyeQ7CziXcd_rc1f5bKMYJaJpklg&client_id&client_secret&redirect_uri=https%3A%2F%2Fexample.com%2Fauthenticate-gcalendar&grant_type=authorization_code&code_verifier=',
validateStatus: [Function: validateStatus],
responseType: 'json'
,
data: error: 'invalid_grant', error_description: 'Bad Request' ,
headers:
'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"',
'cache-control': 'no-cache, no-store, max-age=0, must-revalidate',
connection: 'close',
'content-encoding': 'gzip',
'content-type': 'application/json; charset=utf-8',
date: 'Mon, 13 Dec 2021 13:01:12 GMT',
expires: 'Mon, 01 Jan 1990 00:00:00 GMT',
pragma: 'no-cache',
server: 'scaffolding on HTTPServer2',
'transfer-encoding': 'chunked',
vary: 'Origin, X-Origin, Referer',
'x-content-type-options': 'nosniff',
'x-frame-options': 'SAMEORIGIN',
'x-xss-protection': '0'
,
status: 400,
statusText: 'Bad Request'
,
config:
method: 'POST',
url: 'https://oauth2.googleapis.com/token',
data: 'code=4%2F0AX4XfWiJdQtBAPFLwGHm6O5fotnjqYqHUSYzgUhvFpYyeQ7CziXcd_rc1f5bKMYJaJpklg&client_id&client_secret&redirect_uri=https%3A%2F%2Fexample.com%2Fauthenticate-gcalendar&grant_type=authorization_code&code_verifier=',
headers:
'Content-Type': 'application/x-www-form-urlencoded',
'User-Agent': 'google-api-nodejs-client/3.1.2',
Accept: 'application/json'
,
params: [Object: null prototype] ,
paramsSerializer: [Function: paramsSerializer],
body: 'code=4%2F0AX4XfWiJdQtBAPFLwGHm6O5fotnjqYqHUSYzgUhvFpYyeQ7CziXcd_rc1f5bKMYJaJpklg&client_id&client_secret&redirect_uri=https%3A%2F%2Fexample.com%2Fauthenticate-gcalendar&grant_type=authorization_code&code_verifier=',
validateStatus: [Function: validateStatus],
responseType: 'json'
,
code: '400'
【问题讨论】:
【参考方案1】:invalid_grant(无效授权)可能是一个很难诊断的错误。建议先按照官方的 Node.js quickstart 操作:
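const fs = require('fs');
const readline = require('readline');
const {google} = require('googleapis');

// If modifying these scopes, delete token.json.
const SCOPES = ['https://www.googleapis.com/auth/calendar.readonly'];
// The file token.json stores the user's access and refresh tokens, and is
// created automatically when the authorization flow completes for the first
// time.
const TOKEN_PATH = 'token.json';

// Load client secrets from a local file.
// NOTE(review): credentials.json holds the OAuth client secret and token.json
// the user's refresh token; keep both out of version control and readable
// only by the account that runs this script.
fs.readFile('credentials.json', (err, content) => {
  if (err) return console.log('Error loading client secret file:', err);
  // Authorize a client with credentials, then call the Google Calendar API.
  authorize(JSON.parse(content), listEvents);
});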
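/**
 * Create an OAuth2 client with the given credentials, and then execute the
 * given callback function.
 *
 * Reads the `installed` section of the credentials object; a credentials
 * file that only has a `web` section makes the destructuring below throw.
 *
 * @param {Object} credentials The authorization client credentials.
 * @param {function} callback The callback to call with the authorized client.
 */
function authorize(credentials, callback) {
  const {client_secret, client_id, redirect_uris} = credentials.installed;
  const oAuth2Client = new google.auth.OAuth2(
      client_id, client_secret, redirect_uris[0]);

  // Check if we have previously stored a token. Any read error (not only a
  // missing file) starts a fresh authorization flow.
  fs.readFile(TOKEN_PATH, (err, token) => {
    if (err) return getAccessToken(oAuth2Client, callback);
    oAuth2Client.setCredentials(JSON.parse(token));
    callback(oAuth2Client);
  });
}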
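/**
 * Get and store new token after prompting for user authorization, and then
 * execute the given callback with the authorized OAuth2 client.
 *
 * The token object written to TOKEN_PATH contains the refresh token, so the
 * file is created with owner-only permissions.
 *
 * @param {google.auth.OAuth2} oAuth2Client The OAuth2 client to get token for.
 * @param {getEventsCallback} callback The callback for the authorized client.
 */
function getAccessToken(oAuth2Client, callback) {
  const authUrl = oAuth2Client.generateAuthUrl({
    access_type: 'offline',
    scope: SCOPES,
  });
  console.log('Authorize this app by visiting this url:', authUrl);
  const rl = readline.createInterface({
    input: process.stdin,
    output: process.stdout,
  });
  rl.question('Enter the code from that page here: ', (code) => {
    rl.close();
    oAuth2Client.getToken(code, (err, token) => {
      if (err) return console.error('Error retrieving access token', err);
      oAuth2Client.setCredentials(token);
      // Store the token to disk for later program executions. The mode only
      // applies when the file is created; an existing token.json keeps its
      // current permissions.
      fs.writeFile(TOKEN_PATH, JSON.stringify(token), {mode: 0o600}, (err) => {
        if (err) return console.error(err);
        console.log('Token stored to', TOKEN_PATH);
      });
      callback(oAuth2Client);
    });
  });
}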
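/**
 * Lists the next 10 events on the user's primary calendar.
 *
 * Prints one line per event ("<start> - <summary>"), or a notice when the
 * response holds no events. API errors are logged and nothing is thrown.
 *
 * @param {google.auth.OAuth2} auth An authorized OAuth2 client.
 */
function listEvents(auth) {
  const calendar = google.calendar({version: 'v3', auth});
  calendar.events.list({
    calendarId: 'primary',
    timeMin: (new Date()).toISOString(),
    maxResults: 10,
    singleEvents: true,
    orderBy: 'startTime',
  }, (err, res) => {
    if (err) return console.log('The API returned an error: ' + err);
    // Treat a response without an items array as an empty result.
    const events = res.data.items || [];
    if (events.length) {
      console.log('Upcoming 10 events:');
      events.forEach((event) => {
        // Timed events carry dateTime; all-day events only carry date.
        const start = event.start.dateTime || event.start.date;
        console.log(`${start} - ${event.summary}`);
      });
    } else {
      console.log('No upcoming events found.');
    }
  });
}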
【讨论】:
感谢@Dalm 的回复,我一直在关注相同的文档,并在上面构建了我的代码,但仍然出现错误。我认为this solution 可以解决我的问题,但由于我无法找到答案中提到的“电子邮件”,因此无法解决。【参考方案2】:我能够解决我的问题
我正在关注谷歌文档并在上面构建我的代码,所有代码都是正确的,但仍然是“invalid_grant”
在我的情况下,应用是在本地主机上运行的,而 Google OAuth 的重定向地址却指向了我的应用程序的 URL。把重定向地址改为 http://127.0.0.1:4000 后,错误就解决了。换取令牌时发送的 redirect_uri 需要与用户授权时实际使用的重定向地址一致,否则令牌端点可能返回 invalid_grant。
【讨论】: