3

我正在尝试授权 Google Play Android Developer API。我正处于需要发出 HTTP 发布请求以交换访问令牌和刷新令牌的授权代码的步骤。Google给出了以下示例请求:

POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded

code=4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu&
client_id=8819981768.apps.googleusercontent.com&
client_secret={client_secret}&
redirect_uri=https://oauth2-login-demo.appspot.com/code&
grant_type=authorization_code

我很困惑...首先,对于已安装的应用程序(Android),没有给出 client_secret。我在 Google API 控制台中为同一个项目创建了一个 Web 应用程序,这给了我一个 client_secret,所以我使用了它,即使没有 Web 应用程序。以下代码给了我一个“invalid_grant”错误:

HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost("https://accounts.google.com/o/oauth2/token");

try {
    List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(5);
    nameValuePairs.add(new BasicNameValuePair("code", "CODE"));
    nameValuePairs.add(new BasicNameValuePair("client_id", "CLIENT_ID"));
    nameValuePairs.add(new BasicNameValuePair("client_secret", "CLIENT_SECRET"));
    nameValuePairs.add(new BasicNameValuePair("redirect_uri", "urn:ietf:wg:oauth:2.0:oob"));
    nameValuePairs.add(new BasicNameValuePair("grant_type", "authorization_code"));
    httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

    HttpResponse response = httpclient.execute(httppost);
    ....

完全取出 client_secret 给了我一个“invalid_request”错误。

4

2 回答 2

3

这就是我解决它的方法。我最终使用了 Web Applcation。在我的回复中查看更多详细信息

HttpClient client = new DefaultHttpClient();
HttpPost post = new HttpPost("https://accounts.google.com/o/oauth2/token");

List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(4);
nameValuePairs.add(new BasicNameValuePair("grant_type",    "refresh_token"));
nameValuePairs.add(new BasicNameValuePair("client_id",      CLIENT_ID));
nameValuePairs.add(new BasicNameValuePair("client_secret",  CLIENT_SECRET));
nameValuePairs.add(new BasicNameValuePair("refresh_token",  REFRESH_TOKEN));
post.setEntity(new UrlEncodedFormEntity(nameValuePairs));

HttpResponse response = client.execute(post);
于 2012-10-25T17:12:12.263 回答
1

我已经设法在没有Web应用程序帮助的情况下从android应用程序兑换访问令牌的访问代码,方法是简单地消除client_secret密钥,因为它不适用于已安装的应用程序。

HttpPost httppost = new HttpPost("https://accounts.google.com/o/oauth2/token");
httppost.setHeader("Content-type", "application/x-www-form-urlencoded");
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(4);
nameValuePairs.add(new BasicNameValuePair("grant_type",    "authorization_code"));
nameValuePairs.add(new BasicNameValuePair("client_id",      BLOGGER_CLIENT_ID));
nameValuePairs.add(new BasicNameValuePair("redirect_uri",  "http://localhost"));
nameValuePairs.add(new BasicNameValuePair("code", BLOGGER_ACCESS_CODE));
httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpClient httpClient = new DefaultHttpClient(myParams);
response = httpClient.execute(httppost);
String returnedJsonStr = EntityUtils.toString(response.getEntity());
JSONObject jsonObject = new JSONObject(returnedJsonStr);
String receivedToken = jsonObject.getString("access_token");

发表此评论的原因是,您的解决方案可能会误导那些可能认为在移动应用程序中获取访问令牌的唯一方法是通过网络应用程序的人,这是我在几分钟前阅读您的帖子后想到的!

为避免 invalid_grant 错误,请遵循以下代码: https ://stackoverflow.com/a/14141020/989418

于 2013-01-03T10:39:17.400 回答