Google Calendar API 401"凭据无效"

时间:2017-01-20 08:19:35

标签: google-calendar-api google-oauth

有些(但不是全部)Google帐户在尝试访问Google Calendar API时始终回复401,尽管tokeninfo告诉我我使用的访问令牌具有适当的范围(请参阅下面的curl输出)。我可以使用刷新令牌成功获取新的访问令牌,但日历api仍然是401。

有没有人知道为什么会这样?

$ curl -v https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=[redacted]
*   Trying 216.58.195.74...
* Connected to www.googleapis.com (216.58.195.74) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.googleapis.com
* Server certificate: Google Internet Authority G2
* Server certificate: GeoTrust Global CA
> GET /oauth2/v3/tokeninfo?access_token=[redacted] HTTP/1.1
> Host: www.googleapis.com
> User-Agent: curl/7.49.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: Mon, 01 Jan 1990 00:00:00 GMT
< Date: Tue, 18 Oct 2016 22:00:45 GMT
< Vary: X-Origin
< Content-Type: application/json; charset=UTF-8
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Server: GSE
< Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
 "azp": "[redacted].apps.googleusercontent.com",
 "aud": "[redacted].apps.googleusercontent.com",
 "sub": "[redacted]",
 "scope": "https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/calendar",
 "exp": "1476831626",
 "expires_in": "3581",
 "email": "[redacted]",
 "email_verified": "true",
 "access_type": "offline"
}
* Connection #0 to host www.googleapis.com left intact


$ curl -v https://www.googleapis.com/calendar/v3/users/me/calendarList?access_token=[redacted]
*   Trying 216.58.195.74...
* Connected to www.googleapis.com (216.58.195.74) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.googleapis.com
* Server certificate: Google Internet Authority G2
* Server certificate: GeoTrust Global CA
> GET /calendar/v3/users/me/calendarList?access_token=[redacted] HTTP/1.1
> Host: www.googleapis.com
> User-Agent: curl/7.49.1
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Vary: X-Origin
< WWW-Authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token
< Content-Type: application/json; charset=UTF-8
< Date: Tue, 18 Oct 2016 22:01:14 GMT
< Expires: Tue, 18 Oct 2016 22:01:14 GMT
< Cache-Control: private, max-age=0
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Server: GSE
< Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "authError",
    "message": "Invalid Credentials",
    "locationType": "header",
    "location": "Authorization"
   }
  ],
  "code": 401,
  "message": "Invalid Credentials"
 }
}
* Connection #0 to host www.googleapis.com left intact

2 个答案:

答案 0 :(得分:0)

我能够通过创建一个谷歌应用用户来重现这种情况,该用户的子组织已关闭谷歌日历。 Google仍会允许用户授予日历访问权限,并且会指示已授予范围,但当您尝试使用其访问令牌调用任何Google Calendar API端点时,将以所述方式进行操作。

Google,在请求访问已被管理员关闭的应用时,请将您的错误消息更清楚或阻止初始范围授予!

答案 1 :(得分:0)

即使启用了Google日历,我的客户也会遇到这种情况。

结果证明,他们会让14天免费试用期到期,并且没有输入信用卡付款。对它们进行排序后,错误消失了。

相关问题
最新问题