Google API OAuth 2.0 CURL返回“缺少必需参数:grant_type”

时间:2011-11-19 23:12:33

标签: php curl oauth google-api

我正在尝试为网络服务器应用程序实施Google的OAuth 2.0身份验证。

我可以从Google确定获取代码,但是当我发回这个代码以尝试获取访问令牌时,它总是会给我错误“必需参数丢失:grant_type。错误400”,即使grant_type存在。

此外,如果我将content-length指定为0以外的任何值,则会引发其他错误。

以下是执行此卷曲帖子的代码:

$url = 'https://accounts.google.com/o/oauth2/token';
$ch = curl_init($url);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
curl_setopt($ch, CURLOPT_FAILONERROR, false);  
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); 

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/x-www-form-urlencoded',
    'Content-length: 0'
));

curl_setopt($ch, CURLOPT_POSTFIELDS, array( 
    'code='. urlencode($code),
    'client_id=' . urlencode($clientID),
    'client_secret=' . urlencode($clientSecret),
    'redirect_uri=http%3A%2F%2Flocalhost%2Fexperiments%2FnewGALogin.php',
    'grant_type=authorization_code'
));

6 个答案:

答案 0 :(得分:7)

curl_setopt($ch, CURLOPT_POSTFIELDS, array( 
    'code' => $code,
    'client_id' => $clientID,
    'client_secret' => $clientSecret,
    'redirect_uri' => 'http%3A%2F%2Flocalhost%2Fexperiments%2FnewGALogin.php',
    'grant_type' => 'authorization_code'
)); 


curl_setopt($ch, CURLOPT_POSTFIELDS,
    'code=' . urlencode($code) . '&' .
    'client_id=' . urlencode($clientID) . '&' .
    'client_secret=' . urlencode($clientSecret) . '&' .
    'redirect_uri=http%3A%2F%2Flocalhost%2Fexperiments%2FnewGALogin.php' . '&' .
    'grant_type=authorization_code'
);

答案 1 :(得分:1)

在研究这个问题之后,似乎不接受数组格式中的grant_type。 (是的,查询字符串方法有效,但构建起来很麻烦。)

如果您热衷于将POST字段保留在数组中,则将http_build_query()添加到数组中。

curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array( 
    'code' => $code,
    'client_id' => $clientID,
    'client_secret' => $clientSecret,
    'redirect_uri' => 'http%3A%2F%2Flocalhost%2Fexperiments%2FnewGALogin.php',
    'grant_type' => 'authorization_code'
)));

答案 2 :(得分:1)

我试图在原始问题中使用PHP代码加上此处提供的答案,并不断收到来自Google令牌服务器的关于缺少“grant_type”的投诉,即使它确实被传入。事实证明问题是CURLOPT_HTTPHEADER不喜欢/需要'Content-length:0'。希望这个完整的工作代码可以为其他人节省同样的头痛...... 

// This is what Google's OAUTH server sends to you
$code = $_GET['code'];

// These come from your client_secret.json file
$clientID = "your client id.apps.googleusercontent.com";
$clientSecret = "your client secret";
$redirectURI = "your redirect URI";
$token_uri = 'https://accounts.google.com/o/oauth2/token';


$ch = curl_init($token_uri);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
curl_setopt($ch, CURLOPT_FAILONERROR, false);  
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/x-www-form-urlencoded'
));

// Build the URLEncoded post data
$postFields = http_build_query(array( 
    'client_secret' => $clientSecret,
    'grant_type' => 'authorization_code',
    'redirect_uri' => $redirectURI,
    'client_id' => $clientID,
    'code' => $code
));
curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields); 

$response = curl_exec($ch);

// Save response, especially the "refresh_token"
$pathToAccessToken = "/your/path/to/access_token.json";
file_put_contents($pathToAccessToken, $response);

仅供参考,响应JSON看起来像这样:

{
  "access_token" : "xxxWhateverGibberish", 
  "token_type" : "Bearer", 
  "expires_in" : 3600, 
  "refresh_token" : "yyyMoreGibberish" 
}

之后,我可以使用以下代码成功查询日历(API范围,我原来的OAuth请求):

function getClient() {
  $client = new Google_Client();
  $client->setApplicationName(APPLICATION_NAME);
  $client->setScopes(SCOPES);
  $client->setAuthConfigFile(CLIENT_SECRET_PATH);
  $client->setAccessType('offline');

  // Load previously authorized credentials from a file.
  $pathToAccessToken = "/your/path/to/access_token.json";
  $accessToken = file_get_contents($pathToAccessToken);
  $client->setAccessToken($accessToken);

  // Refresh the token if it's expired.
  if ($client->isAccessTokenExpired()) {
    $client->refreshToken($client->getRefreshToken());
    file_put_contents($pathToAccessToken, $client->getAccessToken());
  }

  return $client;
}

$client = getClient();
$service = new Google_Service_Calendar($client);

// Print the next 10 events on the user's calendar.
$calendarId = 'primary';
$optParams = array(
      'maxResults' => 10,
      'orderBy' => 'startTime',
      'singleEvents' => TRUE,
      'timeMin' => date('c'),
);
$results = $service->events->listEvents($calendarId, $optParams);

if (count($results->getItems()) == 0) {
    print "No upcoming events found.\n";
} else {
    print "Upcoming events:\n";
    foreach ($results->getItems() as $event) {
        $start = $event->start->dateTime;
        if (empty($start)) {
          $start = $event->start->date;
        }
        printf("%s (%s)\n", $event->getSummary(), $start);
    }
}

答案 3 :(得分:0)

请仔细阅读CURLOPT_POSTFIELDS的文档:

  

...作为一个数组,字段名称为键,字段数据为值

你做的只是一件事而不是那件事。尝试:

curl_setopt($ch, CURLOPT_POSTFIELDS, array( 
    'code' => $code,
    'client_id' => $clientID,
    ...

在这种情况下,您不需要urlencode

答案 4 :(得分:0)

我不想相信它,但奇怪的是,只需从CURLOPT_POSTFIELDS从数组切换到'&'连接字符串(使用相同的数据!)让我的OAuth服务器最终识别grant_type。

答案 5 :(得分:0)

原始问题和部分答案的核心问题是使用密钥curl_setoptCURLOPT_POSTFIELDS调用中接受的不同值。

当输入是一个数组时,生成的Content-Type将是multipart/form-data,它不符合OAuth 2.0规范,服务器将忽略它。当输入是查询编码的字符串(例如使用http_build_query构建)时,Content-Type:将为application/x-www-form-urlencoded,这是规范要求的。

参见" Notes"部分位于:http://php.net/manual/en/function.curl-setopt.php

相关问题
最新问题