我为少数OAuth2-OpenIdConnect提供程序实现了OpenIDConnect身份验证/配置/联合的客户端。但是我没有让Google OpenID People https://developers.google.com/+/api/openidconnect/getOpenIdConnect工作。
我对OpenID身份验证/授权的第一部分没有任何问题,并且可以毫无问题地从JSONWEBtoken获取身份令牌。然而,我无法访问$ identityApiUrl。奇怪的是旧谷歌的userinfo API工作!只有新版本才会因授权错误而失败。
对于PeopleAPI,我使用了一个重新使用access_token的Bearer令牌,我得到了我的授权请求。就像我使用旧API一样。
在我的代码中使用我使用的URL和范围的简短摘录以及错误之后,我在手动重放卷曲请求时得到了。
问题:
使用API&#39的网址从代码中提取
// main IDP configuration URLs
protected $openidconnect = true; // Google supports OpenID-Connect
protected $authTokenUrl = 'https://accounts.google.com/o/oauth2/auth';
protected $accessTokenUrl= 'https://www.googleapis.com/oauth2/v3/token';
// I fail to get Google People OpenIdConnect API to work :(
//protected $identityApiUrl= 'https://www.googleapis.com/plus/v1/people/me/OpenIdConnect';
protected $identityApiUrl= 'https://www.googleapis.com/oauth2/v1/userinfo';
// OAuth2 action-1: getAuthUrl($state) build authorization token url
protected $scopes = ['openid','email','profile']; // request authentication & email
使用curl重播请求时的错误代码
[apache@vz-bzh GeoToBe]$ curl -X GET -H "Authorization: Bearer ya29.5ABSl_75eP_zYFho_E-wVjPlZJc1XfY398HZqJjMxvRxBEWteLKZwNeh2v0BPwWuoH1iLpESeBQvFw" https://www.googleapis.com/plus/v1/people/me/openIdConnect
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "accessNotConfigured",
"message": "Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration.",
"extendedHelp": "https://console.developers.google.com"
}
],
"code": 403,
"message": "Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration."
}
}
答案 0 :(得分:4)
您需要启用" Google+ API"在API&在Google API控制台中使用身份验证。