Google OAuth2 端点总是说无效的客户端 ID

Question

根据their documentation/guide 向 Google OAuth2 API 发出请求时，我不断收到来自https://accounts.google.com/oauth2/v4/token 的401 Unauthorized 响应，即使我发誓我提供了所有必填字段：

POST /oauth2/v4/token HTTP/1.1
Host: www.googleapis.com
User-Agent: curl/7.47.0
Accept: */*
Content-Length: 311
Content-Type: application/x-www-form-urlencoded

client_id=REDACTED
&client_secret=REDACTED
&code=REDACTED
&grant_type=authorization_code
&redirect_uri=https%3A%2F%2Flocalhost%2Fsso%3Fredirect%3D%252F

回复：

HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Vary: X-Origin
Vary: Referer
Date: Wed, 03 Jul 2019 16:14:15 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="46,43,39"
Accept-Ranges: none
Vary: Origin,Accept-Encoding
Transfer-Encoding: chunked

{
  "error": "invalid_client",
  "error_description": "Unauthorized"
}

我已经检查并三重检查了我的 client_id、client_secret、授权主机和 redirect_uri，并查看了堆栈溢出的类似问题，但似乎没有任何工作......为什么这会发生在我身上:(

Answer 1

这是因为 Google 的指南/文档在欺骗您。这不是正确的端点，而不是这样说，它给你的是非常无用的错误消息。希望他们会知道这个 SO 帖子/答案并修复它。要找出用于获取授权令牌的实际 URL，您可以单击 console.developers.google.com 上您的凭据视图页面上的“下载 JSON”按钮，而不仅仅是复制/粘贴 client_id 和 client_secret。然后你会得到如下所示的东西：

{
    "web": {
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "client_id": "REDACTED",
        "client_secret": "REDACTED",
        "javascript_origins": [
            "https://localhost"
        ],
        "project_id": "REDACTED",
        "redirect_uris": [
            "https://localhost/sso?redirect=%2F"
        ],
        "token_uri": "https://oauth2.googleapis.com/token"
    }
}

你有它。 REAL 令牌 URI。