使用GoogleAuth.grantOfflineAccess在服务器上进行身份验证时出现Redirect_URI错误

Question

我正在尝试使用https://developers.google.com/identity/sign-in/web/server-side-flow中列出的授权流程.我已按照指示创建了凭据...没有指定授权重定向URI,因为doc指示:"授权重定向URI字段不需要值.重定向URI不用于JavaScript API."

启动授权的代码是:客户端按钮和回调:

<script>
$('#signinButton').click(function() {


    var auth2 = gapi.auth2.getAuthInstance(); 
    auth2.grantOfflineAccess().then(signInCallback);

});
function signInCallback(authResult) {

    console.log('sending to server');

    if (authResult['code']) {

        // Send the code to the server
        $.ajax({
          type: 'POST',
          url: 'CheckAuth',

          headers: {
            'X-Requested-With': 'XMLHttpRequest'
          },
          contentType: 'application/octet-stream; charset=utf-8',
          success: function(result) {
            // Handle or verify the server response.
          },
          processData: false,
          data: authResult['code']
        });
      } else {
        // There was an error.
      }
}
</script>

服务器端(CheckAuth方法从auth代码创建凭据,它通过javascript回调正确接收):

private Credential authorize() throws Exception {
    // load client secrets
    InputStream is = new FileInputStream(clientSecretsPath_);
    InputStreamReader isr = new InputStreamReader(is);
    GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, isr);



    String redirect_URI = "";
    GoogleTokenResponse tokenResponse =
                  new GoogleAuthorizationCodeTokenRequest(
                          httpTransport, JSON_FACTORY,
                      "https://www.googleapis.com/oauth2/v4/token",
                      clientSecrets.getDetails().getClientId(),
                      clientSecrets.getDetails().getClientSecret(),
                      token_,
                      redirect_URI)  
                      .execute();

        String accessToken = tokenResponse.getAccessToken();

        // Use access token to call API
        GoogleCredential credential = new GoogleCredential().setAccessToken(accessToken);
        return credential;

    }

流程正常工作,直到我的服务器尝试交换令牌响应的授权代码(GoogleAuthorizationCodeTokenRequest.execute())...... auth服务器返回:

400 Bad Request
{
  "error" : "invalid_request",
  "error_description" : "Missing parameter: redirect_uri"
}

鉴于错误,我在javascript中查看了auth实例的调试,并注意到它指示的是redirect_uri.然后,我更新了我的google凭据,并在授权重定向URI中指定了该URI(它是访问javascript的URL,因为auth服务器正确返回到指定的javascript回调).使用更新的凭据和在GoogleAuthorizationCodeTokenRequest实例化中指定的URI(String redirect_URI =" http://example.com:8080/JavascriptLocation ";),然后错误变为:

400 Bad Request
{ 
  "error" : "redirect_uri_mismatch",
  "error_description" : "Bad Request"
}

我一直跟踪到auth服务器的实际HttpRequest(www.googleapis.com/oauth2/v4/token),并且不知道它正在寻找什么redirect_uri.

在这种情况下,有没有人知道redirect_uri的值是什么(使用grantOfflineAccess()时)？我很乐意发布更多的代码,如果这有用的话......只是不想淹没页面.谢谢.

Answer 1

在发布问题后立即找到对"postmessage"的引用...使用它作为服务器端的redirect_URI似乎从auth服务器生成成功的响应.所以...在下面的代码中设置redirect_URI ="postmessage"似乎适用于这种情况.

GoogleTokenResponse tokenResponse =
                  new GoogleAuthorizationCodeTokenRequest(
                          httpTransport, JSON_FACTORY,
                      "https://www.googleapis.com/oauth2/v4/token",
                      clientSecrets.getDetails().getClientId(),
                      clientSecrets.getDetails().getClientSecret(),
                      token_,
                      redirect_URI) 
                      .execute();