请求“plus.login”范围后调用ProcessUserAuthorization时的BadRequest

时间:2013-10-31 08:57:52

标签: oauth-2.0 google-plus dotnetopenauth google-oauth

将代码更新到新范围时遇到问题。目前我使用userinfo.profile,一切正常。

根据Google+ OAuth 2.0 scopesplus.me范围允许应用知道用户是谁,plus.login还提供额外的访问权限(年龄,语言,圈子等)。

如果我将userinfo.profile替换为plus.me - 一切正常:方法WebServerClient.RequestUserAuthorization授权用户,ProcessUserAuthorization给我一个代币。

但是,如果我问plus.login范围,那么Google会在我的回调中添加其他查询参数,并且对WebServerClient.ProcessUserAuthorization的下一次调用失败,因为实现使用当前的rul来创建新的redirect_url,条带化“已知的“参数和离开”新的未知“谷歌参数。他的redirect_url与Google Api控制台中注册的不匹配,Google服务器返回400响应。

以下是plus.me范围授权的成功响应(来自NetOpenAuth.Messaging.Channel日志):

Incoming HTTP request: GET http://localhost:40004/Me/LoginComplete?from=Google&state=TWXf6Zq3XYSlwyfCDt3GiQ&code=4/qC_KeuiykcVm1sayIyEdnBjiklxz.AoMfk5TqaXQcsNf4jSVKMpY-GxwThAI

After binding element processing, the received EndUserAuthorizationSuccessAuthCodeResponse (2.0) message is: 
    code: 4/qC_KeuiykcVm1sayIyEdnBjiklxz.AoMfk5TqaXQcsNf4jSVKMpY-GxwThAI
    state: TWXf6Zq3XYSlwyfCDt3GiQ
    from: Google

以下是plus.login范围的(成功)授权回复:

Incoming HTTP request: GET http://localhost:40004/Me/LoginComplete?from=Google&state=26R-O3YN6u3-5EKIlJzFFw&code=4/zOoeVq8vec068x2-CyPq4PjPNtRT.osemzp8Zl7sQsNf4jSVKMpbcmWQThAI&authuser=0&prompt=consent&session_state=27ca4bd2e70d0721bc1fa781b900a558e59fe4c7..d409

After binding element processing, the received EndUserAuthorizationSuccessAuthCodeResponse (2.0) message is: 
    code: 4/zOoeVq8vec068x2-CyPq4PjPNtRT.osemzp8Zl7sQsNf4jSVKMpbcmWQThAI
    state: 26R-O3YN6u3-5EKIlJzFFw
    from: Google
    authuser: 0
    prompt: consent
    session_state: 27ca4bd2e70d0721bc1fa781b900a558e59fe4c7..d409

调用令牌(对于plus.me范围)将成功:

Prepared outgoing AccessTokenAuthorizationCodeRequestC (2.0) message for https://accounts.google.com/o/oauth2/token: 
    code: 4/qC_KeuiykcVm1sayIyEdnBjiklxz.AoMfk5TqaXQcsNf4jSVKMpY-GxwThAI
    redirect_uri: http://localhost:40004/Me/LoginComplete?from=Google
    grant_type: authorization_code
    client_id: 175802076419.apps.googleusercontent.com
    client_secret: ********

但是使用plus.login范围3个新参数(authuser,prompt,session_state)将传输到redirect_url param:

Prepared outgoing AccessTokenAuthorizationCodeRequestC (2.0) message for https://accounts.google.com/o/oauth2/token: 
    code: 4/zOoeVq8vec068x2-CyPq4PjPNtRT.osemzp8Zl7sQsNf4jSVKMpbcmWQThAI
    redirect_uri: http://localhost:40004/Me/LoginComplete?from=Google&authuser=0&prompt=consent&session_state=27ca4bd2e70d0721bc1fa781b900a558e59fe4c7..d409
    grant_type: authorization_code
    client_id: 175802076419.apps.googleusercontent.com
    client_secret: ********

一旦此redirect_url与注册不匹配,我就会收到错误:

https://accounts.google.com/o/oauth2/token returned 400 BadRequest: Bad Request

OAuth2 spec表示授权响应中需要参数codestate,并说明了添加其他参数。但它也说

  

客户端必须忽略无法识别的响应参数

这是否意味着这是DNOA问题,而不是Google问题?

可能是DNOA必须将可为空的responseUri参数添加到ProcessUserAuthorization并使用它而不是从当前网址猜测...

最简单的解决方法是什么(使用Google库除外)?

更新

以下是/ oauth

的原始请求 
Prepared outgoing EndUserAuthorizationRequestC (2.0) message for https://accounts.google.com/o/oauth2/auth: 
    client_id: 175802076419.apps.googleusercontent.com
    redirect_uri: http://localhost:40004/Me/LoginComplete?from=Google
    state: TWXf6Zq3XYSlwyfCDt3GiQ
    scope: https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/plus.me
    response_type: code

0 个答案:

没有答案
相关问题
最新问题