Question

我有一个GWT Web应用程序。我有一张带有Google令牌和令牌秘密的大桌子。我想转移到OAuth2.0而不重新验证用户。我在Java测试中尝试了以下内容

  String url = "https://accounts.google.com/o/oauth2/token";

    HttpClient client = new DefaultHttpClient();
    HttpPost post = new HttpPost(url);

    String generatedString = Utils.generateRandomString(10);
    String key = new Date().getTime() + "";

    // add header
    post.setHeader("Host", "accounts.google.com");
    post.setHeader("Content-Type", "application/x-www-form-urlencoded");
    post.setHeader("Authorization", "OAuth " +
            "oauth_consumer_key=\"" + CONSUMER_KEY + "\"," +
            "oauth_token=\"" + token + "\"," +
            "oauth_signature_method=\"HMAC-SHA1\"" +
            "timestamp=\"" + key +  "\"," +
            "oauth_nonce=\"" + generatedString + "\"," +
            "oauth_signature=\"" + calculateRFC2104HMAC(key, generatedString) + "\"," +
            "oauth_signature_method=\"HMAC-SHA1\"");

    List<NameValuePair> urlParameters = new ArrayList<NameValuePair>();

    urlParameters.add(new BasicNameValuePair("grant_type", "urn:ietf:params:oauth:grant-type:migration:oauth1"));
    urlParameters.add(new BasicNameValuePair("client_id", CONSUMER_KEY));
    urlParameters.add(new BasicNameValuePair("client_secret", CONSUMER_SECRET));
    urlParameters.add(new BasicNameValuePair("oauth_consumer_key", CONSUMER_KEY));
    urlParameters.add(new BasicNameValuePair("oauth_consumer_secret", CONSUMER_SECRET));
    urlParameters.add(new BasicNameValuePair("oauth_signature_method", "HMAC-SHA1"));
    urlParameters.add(new BasicNameValuePair("oauth_timestamp", "" + new Date().getTime()));
    urlParameters.add(new BasicNameValuePair("oauth_token", token));
    urlParameters.add(new BasicNameValuePair("oauth_token_secret", token));

    post.setEntity(new UrlEncodedFormEntity(urlParameters));

    HttpResponse response = client.execute(post);

    System.out.println("Sending 'POST' request to URL : " + url);
    System.out.println("Post parameters : " + post.getEntity());
    System.out.println("Response Code : " + response.getStatusLine().getStatusCode());

    BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));

    StringBuffer result = new StringBuffer();
    String line;

    while ((line = rd.readLine()) != null) {
        result.append(line);
    }

    System.out.println(result.toString());

但我仍然无法得到足够的回应。我只得到：

回复代码：400
{
＆＃34;错误＆＃34; ：＆＃34; invalid_request＆＃34;，＆＃34; error_description＆＃34; ：＆＃34;无效的授权标题。＆＃34;
}

Answer 1

您需要根据google documentation

生成有效的oauth_signature

有关生成基本字符串的一些有用提示，请参阅this answer

POST主体应该只包含3个参数，如下所示

grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Amigration%3Aoauth1&
client_id=8819981768.apps.googleusercontent.com&
client_secret=xxxxxxxxxx

从OAuth2.1迁移到OAuth2.0

回复代码：400
{
＆＃34;错误＆＃34; ：＆＃34; invalid_request＆＃34;，＆＃34; error_description＆＃34; ：＆＃34;无效的授权标题。＆＃34;
}

1 个答案:

从OAuth2.1迁移到OAuth2.0

回复代码：400 {＆＃34;错误＆＃34; ：＆＃34; invalid_request＆＃34;，＆＃34; error_description＆＃34; ：＆＃34;无效的授权标题。＆＃34; }

1 个答案:

回复代码：400
{
＆＃34;错误＆＃34; ：＆＃34; invalid_request＆＃34;，＆＃34; error_description＆＃34; ：＆＃34;无效的授权标题。＆＃34;
}