传递了自定义令牌的 oAuth2 客户端无效

【问题标题】:oAuth2 client with custom token passed isn't valid传递了自定义令牌的 oAuth2 客户端无效
【发布时间】:2021-06-24 06:57:39
【问题描述】:

我正在尝试修改 node.js 谷歌日历 API https://developers.google.com/calendar/quickstart/nodejs 以适应我的 next.js 应用程序。到目前为止,我的身份验证设置是这样的

  providers: [
    Providers.Google({
      clientId: "id",
      clientSecret: "secret",
      authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth?prompt=consent&access_type=offline&response_type=code',
    }),
  ],
  secret: process.env.secret,
  callbacks: {
    async jwt(token, user, account, profile, isNewUser) {
      if (account?.accessToken) {
        token.refresh_token = account.refreshToken
        token.token_type = account.token_type
        token.access_token = account.accessToken;
      }
      return token;
    },
  },
})

但是当我传递我自己的令牌时,它与谷歌得到的令牌相同,它只是拒绝我的 oauth 客户端并发送消息 The API returned an error: Error: unauthorized_client

这是获取令牌https://gist.github.com/MislavPeric/ba5e4aaef3c84a88d3ee83ee55630ca9的整个api路由

token google 在未修改的示例中返回 token.json(如他们的文档中所示)

{
  "access_token": "ya29.a0AasdeAmAoGF5BwEev7PS1RLaT0ZvV0v1N9HNAdQb0iMlyGaCpVuBYN2B-Vb-eBK0U",
  "refresh_token": "1//09Basd0yLcen8bG5BbVutOjx3fEAYcHCrvnqZSWXewdU",
  "scope": "https://www.googleapis.com/auth/calendar.readonly",
  "token_type": "Bearer",
  "expiry_date": 1616867523497
}

我传递的令牌与从 google 登录返回的信息一起传递

{
  access_token: 'ya29.a0AfH6SMB-h_QBKYdj3sdsadsa8uiEMzVGVqv00NZgjCvrJqy',
  refresh_token: '1//0sadsada',
  scope: 'https://www.googleapis.com/auth/calendar.readonly',
  token_type: 'Bearer',
  expiry_date: 1616864309869
}

【问题讨论】:

  • 自定义令牌是什么意思?您不能创建自己的令牌来访问 API 令牌必须来自 Google 的身份验证服务器并由其创建。请编辑您的问题并向我们展示您是如何创建此令牌的。
  • 自定义令牌措辞不当。我正在使用谷歌登录提供的令牌谷歌
  • 什么谷歌登录我们需要一个minimal reproducible example你的问题。

标签: node.js oauth-2.0 google-oauth next.js


【解决方案1】:

您应该关注官方 Node.js quickstart 以了解如何连接到 Google 日历。

const fs = require('fs');
const readline = require('readline');
const {google} = require('googleapis');

// If modifying these scopes, delete token.json.
const SCOPES = ['https://www.googleapis.com/auth/calendar.readonly'];
// The file token.json stores the user's access and refresh tokens, and is
// created automatically when the authorization flow completes for the first
// time.
const TOKEN_PATH = 'token.json';

// Load client secrets from a local file.
fs.readFile('credentials.json', (err, content) => {
  if (err) return console.log('Error loading client secret file:', err);
  // Authorize a client with credentials, then call the Google Calendar API.
  authorize(JSON.parse(content), listEvents);
});

/**
 * Create an OAuth2 client with the given credentials, and then execute the
 * given callback function.
 * @param {Object} credentials The authorization client credentials.
 * @param {function} callback The callback to call with the authorized client.
 */
function authorize(credentials, callback) {
  const {client_secret, client_id, redirect_uris} = credentials.installed;
  const oAuth2Client = new google.auth.OAuth2(
      client_id, client_secret, redirect_uris[0]);

  // Check if we have previously stored a token.
  fs.readFile(TOKEN_PATH, (err, token) => {
    if (err) return getAccessToken(oAuth2Client, callback);
    oAuth2Client.setCredentials(JSON.parse(token));
    callback(oAuth2Client);
  });
}

/**
 * Get and store new token after prompting for user authorization, and then
 * execute the given callback with the authorized OAuth2 client.
 * @param {google.auth.OAuth2} oAuth2Client The OAuth2 client to get token for.
 * @param {getEventsCallback} callback The callback for the authorized client.
 */
function getAccessToken(oAuth2Client, callback) {
  const authUrl = oAuth2Client.generateAuthUrl({
    access_type: 'offline',
    scope: SCOPES,
  });
  console.log('Authorize this app by visiting this url:', authUrl);
  const rl = readline.createInterface({
    input: process.stdin,
    output: process.stdout,
  });
  rl.question('Enter the code from that page here: ', (code) => {
    rl.close();
    oAuth2Client.getToken(code, (err, token) => {
      if (err) return console.error('Error retrieving access token', err);
      oAuth2Client.setCredentials(token);
      // Store the token to disk for later program executions
      fs.writeFile(TOKEN_PATH, JSON.stringify(token), (err) => {
        if (err) return console.error(err);
        console.log('Token stored to', TOKEN_PATH);
      });
      callback(oAuth2Client);
    });
  });
}

/**
 * Lists the next 10 events on the user's primary calendar.
 * @param {google.auth.OAuth2} auth An authorized OAuth2 client.
 */
function listEvents(auth) {
  const calendar = google.calendar({version: 'v3', auth});
  calendar.events.list({
    calendarId: 'primary',
    timeMin: (new Date()).toISOString(),
    maxResults: 10,
    singleEvents: true,
    orderBy: 'startTime',
  }, (err, res) => {
    if (err) return console.log('The API returned an error: ' + err);
    const events = res.data.items;
    if (events.length) {
      console.log('Upcoming 10 events:');
      events.map((event, i) => {
        const start = event.start.dateTime || event.start.date;
        console.log(`${start} - ${event.summary}`);
      });
    } else {
      console.log('No upcoming events found.');
    }
  });
}

确保您在 google 开发者控制台上为此示例创建了 installed credentials 并启用了 Google drive API。

【讨论】:

  • 这个例子对我来说运行正常。问题是它不适合我的用例。由于显而易见的原因,我需要能够将用户信息从后端传递到下一个 API 路由并通过命令行跳过授权。这个想法是用户使用next-auth 登录并从那里自动获取日历数据
猜你喜欢
  • 1970-01-01
  • 2015-06-02
  • 2020-01-18
  • 1970-01-01
  • 2019-02-18
  • 2015-08-26
  • 1970-01-01
  • 2013-11-02
  • 1970-01-01
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode