"invalid_grant" / "bad request" while getting tokens for authcode google api

【Posted】: 2022-01-16 23:52:00 【Question】:

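I am trying to integrate Google Calendar into my app, but I am getting error: 'invalid_grant', error_description: 'Bad Request'

I have been following the Google documentation and have referred to related *** posts to solve the problem, but no luck so far. The flow I am implementing is as follows: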

    Generate the Google consent URL

     const { client_secret, client_id, redirect_uris } = credentials.web;
     const oAuth2Client = new google.auth.OAuth2(
         client_id, client_secret, redirect_uris[0]
     );

     const authUrl = oAuth2Client.generateAuthUrl({
         access_type: 'offline',
         scope: SCOPES,
         prompt: 'consent'
     });
     console.log('Authorize this app by visiting this url:', authUrl);


    After getting the user's consent, extract the authorization code from the URL and try to get tokens in exchange for the authorization code

     const { client_secret, client_id, redirect_uris } = credentials.web;

     const OAuthtoClient = new google.auth.OAuth2(
         client_id, client_secret, redirect_uris[0]
     );

     // The code taken from the redirect URL is percent-encoded; decode it once.
     let decoded = decodeURIComponent(code);

     OAuthtoClient.getToken(decoded, (err, token) => {
         if (err) return console.error('Error retrieving access token', err);
         console.log('Here the tokens :', token);
     });


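At first I ran into another error, "error": "invalid_grant", "error_description": "Malformed auth code.", which I resolved by referring to this solution. The code ran once, and the first time I was able to generate "refresh_token and access_token".

After that I tried to generate tokens for another user, but I got the following error: error: 'invalid_grant', error_description: 'Bad Request'

I tried things such as resetting the client secret, but without success.

My redirect URLs are "redirect_uris": [ "https://example.com/authenticate-gcalendar", "http://localhost:3000" ]

Origin URLs: "javascript_origins": [ "http://localhost:4000" ]

Scopes: const SCOPES = ['https://www.googleapis.com/auth/calendar', 'https://www.googleapis.com/auth/calendar.events'];

Thank you in advance!

Here is the full error message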

    Error retrieving access token GaxiosError: invalid_grant
        at Gaxios.<anonymous> (F:\Git Clones\user-module\node_modules\gaxios\build\src\gaxios.js:73:27)
        at Generator.next (<anonymous>)
        at fulfilled (F:\Git Clones\user-module\node_modules\gaxios\build\src\gaxios.js:16:58)
        at processTicksAndRejections (node:internal/process/task_queues:96:5) {
      response: {
        config: {
          method: 'POST',
          url: 'https://oauth2.googleapis.com/token',
          data: 'code=4%2F0AX4XfWiJdQtBAPFLwGHm6O5fotnjqYqHUSYzgUhvFpYyeQ7CziXcd_rc1f5bKMYJaJpklg&client_id&client_secret&redirect_uri=https%3A%2F%2Fexample.com%2Fauthenticate-gcalendar&grant_type=authorization_code&code_verifier=',
          headers: [Object],
          params: [Object: null prototype] {},
          paramsSerializer: [Function: paramsSerializer],
          body: 'code=4%2F0AX4XfWiJdQtBAPFLwGHm6O5fotnjqYqHUSYzgUhvFpYyeQ7CziXcd_rc1f5bKMYJaJpklg&client_id&client_secret&redirect_uri=https%3A%2F%2Fexample.com%2Fauthenticate-gcalendar&grant_type=authorization_code&code_verifier=',
          validateStatus: [Function: validateStatus],
          responseType: 'json'
        },
        data: { error: 'invalid_grant', error_description: 'Bad Request' },
        headers: {
          'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"',
          'cache-control': 'no-cache, no-store, max-age=0, must-revalidate',
          connection: 'close',
          'content-encoding': 'gzip',
          'content-type': 'application/json; charset=utf-8',
          date: 'Mon, 13 Dec 2021 13:01:12 GMT',
          expires: 'Mon, 01 Jan 1990 00:00:00 GMT',
          pragma: 'no-cache',
          server: 'scaffolding on HTTPServer2',
          'transfer-encoding': 'chunked',
          vary: 'Origin, X-Origin, Referer',
          'x-content-type-options': 'nosniff',
          'x-frame-options': 'SAMEORIGIN',
          'x-xss-protection': '0'
        },
        status: 400,
        statusText: 'Bad Request'
      },
      config: {
        method: 'POST',
        url: 'https://oauth2.googleapis.com/token',
        data: 'code=4%2F0AX4XfWiJdQtBAPFLwGHm6O5fotnjqYqHUSYzgUhvFpYyeQ7CziXcd_rc1f5bKMYJaJpklg&client_id&client_secret&redirect_uri=https%3A%2F%2Fexample.com%2Fauthenticate-gcalendar&grant_type=authorization_code&code_verifier=',
        headers: {
          'Content-Type': 'application/x-www-form-urlencoded',
          'User-Agent': 'google-api-nodejs-client/3.1.2',
          Accept: 'application/json'
        },
        params: [Object: null prototype] {},
        paramsSerializer: [Function: paramsSerializer],
        body: 'code=4%2F0AX4XfWiJdQtBAPFLwGHm6O5fotnjqYqHUSYzgUhvFpYyeQ7CziXcd_rc1f5bKMYJaJpklg&client_id&client_secret&redirect_uri=https%3A%2F%2Fexample.com%2Fauthenticate-gcalendar&grant_type=authorization_code&code_verifier=',
        validateStatus: [Function: validateStatus],
        responseType: 'json'
      },
      code: '400'
    }

【Comments on the question】:

【Answer 1】:

Invalid grant can be a difficult error to diagnose. You should start by following the official Node.js quickstart

    const fs = require('fs');
    const readline = require('readline');
    const {google} = require('googleapis');

    // If modifying these scopes, delete token.json.
    const SCOPES = ['https://www.googleapis.com/auth/calendar.readonly'];
    // The file token.json stores the user's access and refresh tokens, and is
    // created automatically when the authorization flow completes for the first
    // time.
    const TOKEN_PATH = 'token.json';

    // Load client secrets from a local file.
    fs.readFile('credentials.json', (err, content) => {
      if (err) return console.log('Error loading client secret file:', err);
      // Authorize a client with credentials, then call the Google Calendar API.
      authorize(JSON.parse(content), listEvents);
    });

    /**
     * Create an OAuth2 client with the given credentials, and then execute the
     * given callback function.
     * @param {Object} credentials The authorization client credentials.
     * @param {function} callback The callback to call with the authorized client.
     */
    function authorize(credentials, callback) {
      const {client_secret, client_id, redirect_uris} = credentials.installed;
      const oAuth2Client = new google.auth.OAuth2(
          client_id, client_secret, redirect_uris[0]);

      // Check if we have previously stored a token.
      fs.readFile(TOKEN_PATH, (err, token) => {
        if (err) return getAccessToken(oAuth2Client, callback);
        oAuth2Client.setCredentials(JSON.parse(token));
        callback(oAuth2Client);
      });
    }

    /**
     * Get and store new token after prompting for user authorization, and then
     * execute the given callback with the authorized OAuth2 client.
     * @param {google.auth.OAuth2} oAuth2Client The OAuth2 client to get token for.
     * @param {getEventsCallback} callback The callback for the authorized client.
     */
    function getAccessToken(oAuth2Client, callback) {
      const authUrl = oAuth2Client.generateAuthUrl({
        access_type: 'offline',
        scope: SCOPES,
      });
      console.log('Authorize this app by visiting this url:', authUrl);
      const rl = readline.createInterface({
        input: process.stdin,
        output: process.stdout,
      });
      rl.question('Enter the code from that page here: ', (code) => {
        rl.close();
        oAuth2Client.getToken(code, (err, token) => {
          if (err) return console.error('Error retrieving access token', err);
          oAuth2Client.setCredentials(token);
          // Store the token to disk for later program executions
          fs.writeFile(TOKEN_PATH, JSON.stringify(token), (err) => {
            if (err) return console.error(err);
            console.log('Token stored to', TOKEN_PATH);
          });
          callback(oAuth2Client);
        });
      });
    }

    /**
     * Lists the next 10 events on the user's primary calendar.
     * @param {google.auth.OAuth2} auth An authorized OAuth2 client.
     */
    function listEvents(auth) {
      const calendar = google.calendar({version: 'v3', auth});
      calendar.events.list({
        calendarId: 'primary',
        timeMin: (new Date()).toISOString(),
        maxResults: 10,
        singleEvents: true,
        orderBy: 'startTime',
      }, (err, res) => {
        if (err) return console.log('The API returned an error: ' + err);
        const events = res.data.items;
        if (events.length) {
          console.log('Upcoming 10 events:');
          events.map((event, i) => {
            const start = event.start.dateTime || event.start.date;
            console.log(`${start} - ${event.summary}`);
          });
        } else {
          console.log('No upcoming events found.');
        }
      });
    }
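【Discussion】:

Thanks for the reply @Dalm. I have been following the same documentation and built my code on it, but I still get the error. I thought this solution would solve my problem, but since I could not find the "email" mentioned in the answer, it did not.

【Answer 2】:

I was able to resolve my issue

I was following the Google documentation and built my code on it; all the code was correct, but it was still "invalid_grant"

In my case, I was redirecting Google OAuth to my application's URL while running it on my localhost. After redirecting to http://127.0.0.1:4000, the error was resolved.

【Discussion】: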
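
An added example, not part of the original posts: a pre-flight check in plain Node.js for the causes of invalid_grant that come up in this thread (a code that is still percent-encoded, a redirect URI that does not match, a callback served by a different deployment than the one exchanging the code, a code redeemed twice). The function name, finding names and the sample code value are hypothetical.

```javascript
// Added example (not from the original posts). Names are hypothetical and
// values marked "constructed" are made up for illustration.

// Compare redirect URIs as scheme + host + port + path, ignoring query/fragment.
function endpoint(uri) {
  const u = new URL(uri);
  return u.origin + u.pathname;
}

function diagnoseCodeExchange({ callbackUrl, handlerOrigin, clientRedirectUri,
                                registeredRedirectUris, redeemedCodes }) {
  const findings = [];
  const cb = new URL(callbackUrl);
  // searchParams.get() percent-decodes exactly once: "4%2F0..." becomes "4/0...".
  const code = cb.searchParams.get('code');
  if (!code) return { code: null, findings: ['code_missing'] };

  // A leftover %XX after one decode means the code was encoded twice
  // (the "Malformed auth code" case from the question).
  if (/%[0-9A-Fa-f]{2}/.test(code)) findings.push('code_still_percent_encoded');

  // Registered redirect URIs are matched as exact strings.
  if (!registeredRedirectUris.includes(clientRedirectUri)) {
    findings.push('redirect_uri_not_registered');
  }
  // The token request must repeat the redirect_uri of the authorization
  // request, i.e. the endpoint the browser was actually sent back to.
  if (endpoint(clientRedirectUri) !== endpoint(callbackUrl)) {
    findings.push('redirect_uri_differs_from_callback');
  }
  // The callback went to another deployment than the one exchanging the code.
  if (cb.origin !== new URL(handlerOrigin).origin) {
    findings.push('callback_not_served_by_this_instance');
  }
  // Authorization codes are single-use; a second exchange fails.
  if (redeemedCodes.has(code)) findings.push('code_already_redeemed');
  return { code, findings };
}

// Constructed sample modelled on the question's configuration.
const sample = diagnoseCodeExchange({
  callbackUrl: 'https://example.com/authenticate-gcalendar?code=4%2F0CONSTRUCTED',
  handlerOrigin: 'http://localhost:4000',
  clientRedirectUri: 'https://example.com/authenticate-gcalendar',
  registeredRedirectUris: ['https://example.com/authenticate-gcalendar', 'http://localhost:3000'],
  redeemedCodes: new Set(),
});
console.log(sample);
```

Add the code to `redeemedCodes` only after a token exchange has been attempted with it, so that a retry with the same code is flagged.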
