我正在尝试在服务器到服务器JSON API方案中创建oauth2 access_token。但是因为invalid_grant错误而失败了,请帮忙。
from oauth2client.client import SignedJwtAssertionCredentials
KEY_FILE = 'xxxxxxxxxxxx-privatekey.p12'
with open(KEY_FILE, 'r') as fd:
key = fd.read()
SERVICE_ACCOUNT_EMAIL = 'xxxxxx.apps.googleusercontent.com'
credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL, key,
scope="https://www.googleapis.com/auth/datastore https://www.googleapis.com/auth/userinfo.email",
token_uri='https://accounts.google.com/o/oauth2/token')
assertion = credentials._generate_assertion()
h = httplib2.Http()
credentials._do_refresh_request(h.request)
我得到了
Traceback (most recent call last):
File "/Users/pahud/Projects/oauth2client/x.py", line 24, in <module>
credentials._do_refresh_request(h.request)
File "/Users/pahud/Projects/oauth2client/oauth2client/client.py", line 710, in _do_refresh_request
raise AccessTokenRefreshError(error_msg)
oauth2client.client.AccessTokenRefreshError: invalid_grant
[Finished in 0.7s with exit code 1]
答案 0 :(得分:12)
我修好了。
SERVICE_ACCOUNT_EMAIL = 'xxxxxx.apps.googleusercontent.com'
以上是客户端ID而不是电子邮件,我已修复此问题,现在正在运行。
答案 1 :(得分:2)
I have the same problem.
To solve the problem, you need to notice the following elements:
Did you use client_secrets.json in your program? If yes, check whether the name is the same as that in your current directory.
The "client_email
" or the "SERVICE_ACCOUNT_EMAIL
" is not your personal email or the client id. It is "client id's email". You can check that email in https://console.developers.google.com/project/ ==>credentials==>Service account==>email address
.
Basically, if your client id is:<clientid>.apps.googleusercontent.com
You client email here would be:<clientid>@developer.gserviceaccount.com
答案 2 :(得分:0)
在我的情况下,问题出在.boto文件中。尝试使用服务帐户中的凭据再次配置它。
对于使用后备的人:gcs_oauth2_boto_plugin.SetFallbackClientIdAndSecret(CLIENT_ID, CLIENT_SECRET)
用于后备任何“本机应用程序的客户端ID”。这不是必要的,如:https://cloud.google.com/storage/docs/gspythonlibrary
但我无法找到其他方式,没有它就抛出错误。