那些遇到过的问题

具有公共访问权限的Web应用程序的Google OAuth 2.0刷新令牌

Moo*_*ose 6 php gmail google-oauth google-api-php-client

我收到以下错误:

OAuth 2.0访问令牌已过期,并且刷新令牌不可用.对于自动批准的响应,不会返回刷新令牌

我有一个只有我的服务器才能访问的Web应用程序,初始身份验证工作正常,但一小时后,弹出上述错误消息.我的脚本看起来像这样:

require_once 'Google/Client.php';     
require_once 'Google/Service/Analytics.php';       
session_start();

$client = new Google_Client();
$client->setApplicationName("Client_Library_Examples");
$client->setDeveloperKey("{MY_API_KEY}");
$client->setClientId('{MY_CLIENT_ID}.apps.googleusercontent.com');
$client->setClientSecret('{MY_KEY}');
$client->setRedirectUri('{MY_REDIRECT_URI}');
$client->setScopes(array('https://www.googleapis.com/auth/gmail.readonly'));

if (isset($_GET['code'])) {
    $client->authenticate($_GET['code']);  
    $_SESSION['token'] = $client->getAccessToken();
    $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
    header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
}

if (!$client->getAccessToken() && !isset($_SESSION['token'])) {
    $authUrl = $client->createAuthUrl();
    print "<a class='login' href='$authUrl'>Connect Me!</a>";
}
Run Code Online (Sandbox Code Playgroud)

如何为此设置刷新令牌?

编辑1:我也尝试过使用服务帐户.我按照GitHub上提供的文档:

https://github.com/google/google-api-php-client/blob/master/examples/service-account.php

我的脚本看起来像这样:

session_start();
include_once "templates/base.php";
require_once 'Google/Client.php';
require_once 'Google/Service/Gmail.php';
$client_id = '{MY_CLIENT_ID}.apps.googleusercontent.com'; 
$service_account_name = '{MY_EMAIL_ADDRESS}@developer.gserviceaccount.com ';
$key_file_location = 'Google/{MY_KEY_FILE}.p12';
echo pageHeader("Service Account Access");
    if ($client_id == ''
|| !strlen($service_account_name)
|| !strlen($key_file_location)) {
  echo missingServiceAccountDetailsWarning();
}
$client = new Google_Client();
$client->setApplicationName("Client_Library_Examples");
$service = new Google_Service_Gmail($client);
if (isset($_SESSION['service_token'])) {
  $client->setAccessToken($_SESSION['service_token']);
}
$key = file_get_contents($key_file_location);
$cred = new Google_Auth_AssertionCredentials(
    $service_account_name,
    array('https://www.googleapis.com/auth/gmail.readonly'),
    $key
);
$client->setAssertionCredentials($cred);
if($client->getAuth()->isAccessTokenExpired()) {
  $client->getAuth()->refreshTokenWithAssertion($cred);
}
Run Code Online (Sandbox Code Playgroud)

这将返回以下消息:

刷新OAuth2令牌时出错,消息:'{"error":"invalid_grant"}''

跟踪此代码后,可以找到它的源代码 Google/Auth/OAuth2.php

问题的方法,refreshTokenRequest:

private function refreshTokenRequest($params)
{
    $http = new Google_Http_Request(
    self::OAUTH2_TOKEN_URI,
    'POST',
    array(),
    $params
    );
    $http->disableGzip();
    $request = $this->client->getIo()->makeRequest($http);

    $code = $request->getResponseHttpCode();
    $body = $request->getResponseBody();
    if (200 == $code) {
      $token = json_decode($body, true);
      if ($token == null) {
        throw new Google_Auth_Exception("Could not json decode the access token");
      }

      if (! isset($token['access_token']) || ! isset($token['expires_in']))     {
        throw new Google_Auth_Exception("Invalid token format");
      }

      if (isset($token['id_token'])) {
        $this->token['id_token'] = $token['id_token'];
      }
      $this->token['access_token'] = $token['access_token'];
      $this->token['expires_in'] = $token['expires_in'];
      $this->token['created'] = time();
    } else {
      throw new Google_Auth_Exception("Error refreshing the OAuth2 token, message: '$body'", $code);
    }
  }
Run Code Online (Sandbox Code Playgroud)

这意味着该$code变量为NULL.我在SO上发现这篇文章:

刷新OAuth2令牌时出错{"error":"invalid_grant"}

并且可以看出仍然没有首选解决方案.这让我疯了.目前很少甚至没有相关的文档,如果有人有解决方案,我相信我不是唯一一个寻找它的人.

Haf*_*ari 10

每个access_token在几秒钟后过期,需要刷新刷新,"离线访问"就是你要找的东西.在这里你可以按照文档:

https://developers.google.com/accounts/docs/OAuth2WebServer#offline

要获取refresh_token,您只需运行此代码一次:

require_once 'Google/Client.php';

$client = new Google_Client();
$client->setClientId('{MY_CLIENT_ID}.apps.googleusercontent.com');
$client->setClientSecret('{MY_KEY}');
$client->setRedirectUri('{MY_REDIRECT_URI}');
//next two line added to obtain refresh_token
$client->setAccessType('offline');
$client->setApprovalPrompt('force');
$client->setScopes(array('https://www.googleapis.com/auth/gmail.readonly'));

if (isset($_GET['code'])) {
    $credentials = $client->authenticate($_GET['code']);  

    /*TODO: Store $credentials somewhere secure */

} else {
    $authUrl = $client->createAuthUrl();
    print "<a class='login' href='$authUrl'>Connect Me!</a>";
}
Run Code Online (Sandbox Code Playgroud)

$credentials包括访问令牌和刷新令牌.您必须存储此信息才能随时获取新的访问令牌.所以,当你想打电话给api时:

require_once 'Google/Client.php';
require_once 'Google/Service/Gmail.php';

/*TODO: get stored $credentials */

$client = new Google_Client();
$client->setClientId('{MY_CLIENT_ID}.apps.googleusercontent.com');
$client->setRedirectUri('{MY_REDIRECT_URI}');
$client->setClientSecret('{MY_KEY}');
$client->setScopes(array('https://www.googleapis.com/auth/gmail.readonly'));
$client->setAccessToken($credentials);

$service = new Google_Service_Gmail($client);
Run Code Online (Sandbox Code Playgroud)

  • @Mutlu 正如我所说,你必须设置 `$client-&gt;setAccessType('offline');` 和 `$client-&gt;setApprovalPrompt('force');` 来强制你的 `$credentials` 包含 refresh_token。 (2认同)

归档时间:

查看次数:

7917 次

最近记录:

11 年 前
相关归档
使用==与strcmp进行字符串比较 323
捕获和重新抛出异常的最佳做法是什么? 143
如何用PHP打破外部循环? 120
PHP抽象属性 120
调用未定义的方法mysqli_stmt :: get_result 107
将字符串转换为碳 35
PHP:从路径中删除文件名 31
PHP使用参数获取URL 28
filemtime"警告统计失败" 21
GitLab-CI Multi Runner php composer cache 21
难疑归档
Python有一个字符串'contains'子串方法吗? 3601
如何使用jQuery刷新页面? 2361
如何将多行中的文本连接成SQL Server中的单个文本字符串? 1813
按值复制数组 1638
什么是未定义的引用/未解析的外部符号错误,我该如何解决? 1418
如何在JavaScript正则表达式中访问匹配的组? 1277
CSS calc()函数中的Sass变量 1182
Pythonic方式创建一个长多行字符串 1160
查找包含具有指定名称的列的所有表 - MS SQL Server 1090
Ukkonen的简明英语后缀树算法 1065