如何将urn:ietf:wg:oauth: 2.0 :oob设置为在Googleauth2.0中重定向uri
我在同一个弹出窗口中获取auth代码时遇到了问题,而不是将用户重定向到google中的另一个页面。我试图访问,为此,我使用了auth 2。我需要更改什么才能在同一个google提示中获得auth代码?我在用WordPress。
编辑:我已经创建了新的auth桌面客户端,现在我可以像上面提到的那样设置重定向URI,并使用它可以创建auth代码和访问令牌。但是,在调用admin时,我得到了ACCESS_TOKEN_SCOPE_INSUFFICIENT错误。我已经检查了管理和数据API,两者都在我的google控制台中启用。当我使用web应用程序auth客户端时,同样的情况也很好,但我们的要求是使用已安装的插件,因为它在提示符内提供了auth代码。
下面是创建access_token的过程,它工作得很好:
if (isset($_POST["save_code"]) && isset($_POST["access_code"])) {
$authCode = $_POST["access_code"];
$client = new Google_Client();
$client->setClientId('***');
$client->setClientSecret('***');
$client->setDeveloperKey('***');
// $client->addScope('https://www.googleapis.com/auth/analytics.readonly');
$client->setScopes([
'https://www.googleapis.com/auth/analytics',
'openid',
'https://www.googleapis.com/auth/analytics.readonly'
]);
$client->setRedirectUri('urn:ietf:wg:oauth:2.0:oob');
$client->setAccessType('offline');
$client->setIncludeGrantedScopes(true);
$client->authenticate($authCode);
$access_token = $client->getAccessToken();
var_dump($access_token);
// echo "<pre>";
// print_r($access_token);
// exit;
}
$url = http_build_query(
array(
'next' => 'http://myproject.local.com/wp-admin/admin.php?page=analytify-settings',
'scope' => 'https://www.googleapis.com/auth/analytics',
'response_type' => 'code',
'redirect_uri' => 'urn:ietf:wg:oauth:2.0:oob',
'client_id' => '***'
)
);
?>
<form action="<?php echo str_replace('%7E', '~', $_SERVER['REQUEST_URI']); ?>" method="post" name="settings_form" id="settings_form">
<table width="1004" class="form-table">
<tbody>
<tr>
<th width="115">Authentication:</th>
<td width="877">
<a target="_blank" href="javascript:void(0);" onclick="window.open('https://accounts.google.com/o/oauth2/auth?<?php echo $url ?>', 'activate', 'width=700,height=500,toolbar=0,menubar=0,location=0,status=1,scrollbars=1,resizable=1,left=0,top=0');">Click here to Authenticate</a>
</td>
</tr>
<tr>
<th>Your Access Code:</th>
<td>
<input type="text" name="access_code" value="" style="width:450px;" />
</td>
</tr>
<tr>
<th></th>
<td>
<p class="submit">
<input type="submit" class="button-primary" value="Save Changes" name="save_code" />
</p>
</td>
</tr>
</tbody>
</table>
</form>创建管理客户端:
$admin_client = new AnalyticsAdminServiceClient([
'credentials' => Google\ApiCore\CredentialsWrapper::build([
'scopes' => [
'https://www.googleapis.com/auth/analytics',
'openid',
'https://www.googleapis.com/auth/analytics.readonly',
],
'keyFile' => [
'type' => 'authorized_user',
'client_id' => '***',
'client_secret' => '***',
'refresh_token' => 'my refresh token'
],
]),
]);
$accounts = $this->admin_client->listAccountSummaries();上面的代码给出了这个错误:
致命错误: Uncaught Google\ApiCore\ApiException:{“ACCESS_TOKEN_SCOPE_INSUFFICIENT”:"ACCESS_TOKEN_SCOPE_INSUFFICIENT","googleapis.com","errorInfoMetadata":{“方法”:"analyticsadmin.googleapis.com“},”消息“:”请求没有足够的身份验证范围。“,”代码“:7,”状态“:"PERMISSION_DENIED",“详细信息”:{ "@type":“type.googlevis.com/google.rpc.ErrorInfo”,"ACCESS_TOKEN_SCOPE_INSUFFICIENT",“域”:"googleapis.com",“元数据”:{“方法”:pathToProject\vendor\google\gax\src\ApiException.php“服务”:"analyticsadmin.googleapis.com“}}
回答 1
Stack Overflow用户
发布于 2022-07-14 12:46:32
让我们从ACCESS_TOKEN_SCOPE_INSUFFICIENT开始
如果您检查文档帐户摘要列表,它需要下列范围之一
因此,错误消息意味着您要发送的访问令牌没有使用这些作用域之一进行授权。
我的猜测是,您使用https://www.googleapis.com/auth/analytics授权它,然后在后面添加readonly,而没有删除旧令牌。您需要再次授权应用程序与适当的范围。
OOB
由于oob的删除,您不能使用此
$client->setRedirectUri('urn:ietf:wg:oauth:2.0:oob');请检查(使用更安全的OAuth流使Google OAuth交互更加安全)。您不需要添加它,但是如果您想要尝试https://127.0.0.1
看看我的样本
function getClient()
{
$client = new Client();
$client->setApplicationName('Google analytics admin beta Oauth2');
$client->setScopes('https://www.googleapis.com/auth/analytics.readonly');
$client->setAuthConfig(getenv('GOOGLE_APPLICATION_CREDENTIALS'));
$client->setAccessType('offline');
// Load previously authorized token from a file, if it exists.
// The file token.json stores the user's access and refresh tokens, and is
// created automatically when the authorization flow completes for the first
// time.
$tokenPath = 'tokenAdmin.json';
if (file_exists($tokenPath)) {
$accessToken = json_decode(file_get_contents($tokenPath), true);
$client->setAccessToken($accessToken);
}
// If there is no previous token or it's expired.
if ($client->isAccessTokenExpired()) {
// Refresh the token if possible, else fetch a new one.
if ($client->getRefreshToken()) {
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
} else {
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:\n%s\n", $authUrl);
print 'Enter verification code: ';
$authCode = trim(fgets(STDIN));
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
$client->setAccessToken($accessToken);
// Check to see if there was an error.
if (array_key_exists('error', $accessToken)) {
throw new Exception(join(', ', $accessToken));
}
}
// Save the token to a file.
if (!file_exists(dirname($tokenPath))) {
mkdir(dirname($tokenPath), 0700, true);
}
file_put_contents($tokenPath, json_encode($client->getAccessToken()));
}
return $client;
}https://stackoverflow.com/questions/72967635
复制相似问题
腾讯云开发者
