访问令牌未自动刷新 Google node sdk

【问题标题】:Access token not getting refreshed automatically Google node sdk访问令牌未自动刷新 Google node sdk
【发布时间】:2021-09-23 19:58:42
【问题描述】:

根据Google node sdk docs:“如果即将过期,此库将自动使用刷新令牌来获取新的访问令牌。”。但在我的情况下并没有发生。 大约一个小时后,我收到400 invalid_request 错误。

这是我的实现:

import { calendar_v3, google } from "googleapis";

const oauth2Client = new google.auth.OAuth2(
      process.env.NEXT_PUBLIC_GOOGLE_CLIENT_ID,
      process.env.GOOGLE_CLIENT_SECRET,
      process.env.NEXT_PUBLIC_GOOGLE_REDIRECT_URI
    );
    oauth2Client.setCredentials({
      refresh_token: gRefToken,
      access_token: gAccToken,
    });

const calendar = google.calendar({
      version: "v3",
      auth: oauth2Client,
    });

resCalEventsFromLastSync = await calendar.events.list({
        calendarId: "primary",
        timeMin: new Date().toISOString(),
        timeMax,
        singleEvents: true,
      });

我得到的完全错误:

{
  "response": {
    "config": {
      "method": "POST",
      "url": "https://oauth2.googleapis.com/token",
      "data": "refresh_token=1T_09_wb9D3W_pgWgPbAKMcmOYCw3EOurrXyE4v7u7lHHRTS7wUANIxa2A&client_id=&client_secret=&grant_type=refresh_token",
      "headers": {
        "Content-Type": "application/x-www-form-urlencoded",
        "User-Agent": "google-api-nodejs-client/7.3.0",
        "x-goog-api-client": "gl-node/14.17.0 auth/7.3.0",
        "Accept": "application/json"
      },
      "body": "refresh_token=1T_09_wb9D3W_pgWgPbAKMcmOYCw3EOurrXyE4v7u7lHHRTS7wUANIxa2A&client_id=&client_secret=&grant_type=refresh_token",
      "responseType": "json"
    },
    "data": {
      "error": "invalid_request",
      "error_description": "Could not determine client ID from request."
    },
    "headers": {
      "alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
      "cache-control": "no-cache, no-store, max-age=0, must-revalidate",
      "connection": "close",
      "content-encoding": "gzip",
      "content-type": "application/json; charset=utf-8",
      "date": "Wed, 14 Jul 2021 21:29:59 GMT",
      "expires": "Mon, 01 Jan 1990 00:00:00 GMT",
      "pragma": "no-cache",
      "server": "scaffolding on HTTPServer2",
      "transfer-encoding": "chunked",
      "vary": "Origin, X-Origin, Referer",
      "x-content-type-options": "nosniff",
      "x-frame-options": "SAMEORIGIN",
      "x-xss-protection": "0"
    },
    "status": 400,
    "statusText": "Bad Request",
    "request": { "responseURL": "https://oauth2.googleapis.com/token" }
  },
  "config": {
    "method": "POST",
    "url": "https://oauth2.googleapis.com/token",
    "data": "refresh_token=1%2F%9Ir67CtgIIoYZT_09_wb9D3W_pgWgPbAKMcmOYCw3EOurrXyE4v7u7lHHRTS7wUANIxa2A&client_id=&client_secret=&grant_type=refresh_token",
    "headers": {
      "Content-Type": "application/x-www-form-urlencoded",
      "User-Agent": "google-api-nodejs-client/7.3.0",
      "x-goog-api-client": "gl-node/14.17.0 auth/7.3.0",
      "Accept": "application/json"
    },
    "body": "refresh_token=1%2F%2F0gr67CtgIIoYZT_09_wb9D3W_pgWgPbAKMcmOYCw3EOurrXyE4v7u7lHHRTS7wUANIxa2A&client_id=&client_secret=&grant_type=refresh_token",
    "responseType": "json"
  },
  "code": "400"
}

PS:我的应用目前处于unverified 状态,但请注意确定是否与它有关。

【问题讨论】:

  • 你在哪里存储刷新令牌。是的,该库将自动使用刷新令牌,但它需要您存储它。
  • 在我的数据库中存储令牌
  • similar post。它解释了如何获取您共享的参考文档中也提供的刷新令牌

标签: node.js oauth-2.0 google-api google-oauth google-calendar-api


【解决方案1】:

Google Calendar api 中的这个示例展示了如何从名为 token.json 的平面文件中加载令牌。

注意如何调用 getAccessToken 来加载令牌本身。

请记住,如果您的应用处于测试阶段,您的刷新令牌将在大约 7 到 14 天后过期。

const fs = require('fs');
const readline = require('readline');
const {google} = require('googleapis');

// If modifying these scopes, delete token.json.
const SCOPES = ['https://www.googleapis.com/auth/calendar.readonly'];
// The file token.json stores the user's access and refresh tokens, and is
// created automatically when the authorization flow completes for the first
// time.
const TOKEN_PATH = 'token.json';

// Load client secrets from a local file.
fs.readFile('credentials.json', (err, content) => {
  if (err) return console.log('Error loading client secret file:', err);
  // Authorize a client with credentials, then call the Google Calendar API.
  authorize(JSON.parse(content), listEvents);
});

/**
 * Create an OAuth2 client with the given credentials, and then execute the
 * given callback function.
 * @param {Object} credentials The authorization client credentials.
 * @param {function} callback The callback to call with the authorized client.
 */
function authorize(credentials, callback) {
  const {client_secret, client_id, redirect_uris} = credentials.installed;
  const oAuth2Client = new google.auth.OAuth2(
      client_id, client_secret, redirect_uris[0]);

  // Check if we have previously stored a token.
  fs.readFile(TOKEN_PATH, (err, token) => {
    if (err) return getAccessToken(oAuth2Client, callback);
    oAuth2Client.setCredentials(JSON.parse(token));
    callback(oAuth2Client);
  });
}

/**
 * Get and store new token after prompting for user authorization, and then
 * execute the given callback with the authorized OAuth2 client.
 * @param {google.auth.OAuth2} oAuth2Client The OAuth2 client to get token for.
 * @param {getEventsCallback} callback The callback for the authorized client.
 */
function getAccessToken(oAuth2Client, callback) {
  const authUrl = oAuth2Client.generateAuthUrl({
    access_type: 'offline',
    scope: SCOPES,
  });
  console.log('Authorize this app by visiting this url:', authUrl);
  const rl = readline.createInterface({
    input: process.stdin,
    output: process.stdout,
  });
  rl.question('Enter the code from that page here: ', (code) => {
    rl.close();
    oAuth2Client.getToken(code, (err, token) => {
      if (err) return console.error('Error retrieving access token', err);
      oAuth2Client.setCredentials(token);
      // Store the token to disk for later program executions
      fs.writeFile(TOKEN_PATH, JSON.stringify(token), (err) => {
        if (err) return console.error(err);
        console.log('Token stored to', TOKEN_PATH);
      });
      callback(oAuth2Client);
    });
  });
}

/**
 * Lists the next 10 events on the user's primary calendar.
 * @param {google.auth.OAuth2} auth An authorized OAuth2 client.
 */
function listEvents(auth) {
  const calendar = google.calendar({version: 'v3', auth});
  calendar.events.list({
    calendarId: 'primary',
    timeMin: (new Date()).toISOString(),
    maxResults: 10,
    singleEvents: true,
    orderBy: 'startTime',
  }, (err, res) => {
    if (err) return console.log('The API returned an error: ' + err);
    const events = res.data.items;
    if (events.length) {
      console.log('Upcoming 10 events:');
      events.map((event, i) => {
        const start = event.start.dateTime || event.start.date;
        console.log(`${start} - ${event.summary}`);
      });
    } else {
      console.log('No upcoming events found.');
    }
  });
}

【讨论】:

  • 我浏览了那个例子,但不知道我犯了什么错误
  • 据我所知,您没有告诉它获取新的访问令牌
  • 但符合。对于文档,它会自动从我传递的刷新令牌中获取新令牌。如何使用 async/await 手动获取访问令牌?
  • 如果您检查示例,您会注意到它通过了身份验证,这是由授权和 getAccessToken 方法设置的。
【解决方案2】:

我觉得自己很愚蠢。结果发现环境变量丢失,如错误中所述:Could not determine client ID from request。不知道为什么它在授权的第一个小时有效。现在一切都整理好了。

【讨论】:

    猜你喜欢
    • 2020-04-05
    • 1970-01-01
    • 1970-01-01
    • 2019-06-29
    • 2015-10-05
    • 1970-01-01
    • 1970-01-01
    • 2021-11-21
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode