Exception when using refresh token { "error" : "invalid_grant" }

Problem description:

I've successfully built an application that fetches an access and refresh token.

In my script I check if the access token is valid and, if not, I then use the refresh token to gain access: `$client->refreshToken($refreshToken);`

Full code:

    $refreshToken = '<REFRESH_TOKEN>';
    $accessToken = '<ACCESS_TOKEN>'; // previously obtained access token

    $client_id = '<CLIENT_ID>';
    $client_secret = '<CLIENT_SECRET>';

    // Setup information
    $client = new Google_Client();
    $client->setClientId($client_id);
    $client->setClientSecret($client_secret);
    $client->setAccessType("offline");
    $client->addScope("https://mail.google.com/");

    // If access token is not valid use refresh token
    if($client->isAccessTokenExpired()) {

        // Use refresh token
        $client->refreshToken($refreshToken);

    } else {

        // Use access token
        $client->setAccessToken($accessToken);

    }

However, when trying to use the refresh token I get an exception:

Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Error refreshing the OAuth2 token, message: '{ "error" : "invalid_grant" }''

In the OAuth2 spec, "invalid_grant" is sort of a catch-all for all errors related to invalid/expired/revoked tokens (auth grant or refresh token).

There are a lot of potential causes for the problems; here's a checklist:

  1. Server clock/time is out of sync
  2. Not authorized for offline access
  3. Throttled by Google
  4. Using expired refresh tokens
  5. User has been inactive for 6 months
  6. Use service worker email instead of client ID
  7. Too many access tokens in short time
  8. Client SDK might be outdated
  9. Incorrect/incomplete refresh token
  10. User has actively revoked access to our app
  11. User has reset/recovered their Google password

I've written a short article summarizing each item with some debugging guidance to help find the culprit. We spent days hunting this down, hope it may help others turn those days into hours.
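
An added example (not from the original post or the Google client library): a library-free PHP helper that triages a failed refresh response against checklist items 1 and 9 before concluding that the grant itself is gone. The function name, the 300-second skew tolerance and the sample Date header and token are assumptions constructed for illustration.

```php
<?php
// Added example, not from the original post. Names and sample values are constructed.

/**
 * Triage a token-endpoint error response against the checklist above.
 * Never logs the refresh token itself, only properties of it.
 */
function triageRefreshFailure(string $body, string $dateHeader, int $localNow, string $refreshToken): array
{
    $json = json_decode($body, true);
    if (!is_array($json) || !isset($json['error'])) {
        return ['response is not an OAuth2 error object'];
    }
    if ($json['error'] !== 'invalid_grant') {
        return ['error is "' . $json['error'] . '", not invalid_grant'];
    }

    $hints = [];

    // Item 1: compare the local clock with the server's HTTP Date header.
    // The 300-second tolerance is an assumed threshold, not a documented limit.
    $serverTime = strtotime($dateHeader);
    if ($serverTime !== false && abs($localNow - $serverTime) > 300) {
        $hints[] = sprintf('item 1: local clock differs from server by %d s', $localNow - $serverTime);
    }

    // Item 9: token damaged in storage or transport.
    if ($refreshToken === '' || $refreshToken[0] === '<') {
        $hints[] = 'item 9: refresh token is empty or still a placeholder';
    } elseif ($refreshToken !== trim($refreshToken)) {
        $hints[] = 'item 9: refresh token has leading/trailing whitespace';
    } elseif (preg_match('/%[0-9A-Fa-f]{2}/', $refreshToken)) {
        $hints[] = 'item 9: refresh token looks URL-encoded; decode before use';
    }

    // Nothing local explains it: the grant is likely gone (items 2, 4, 5, 10, 11).
    if ($hints === []) {
        $hints[] = 'grant likely expired or revoked: discard the stored token and request offline consent again';
    }
    return $hints;
}

// Constructed sample: the error body from the question, a server Date header,
// a local clock running 15 minutes fast, and a token stored with a trailing newline.
$body = '{ "error" : "invalid_grant" }';
$date = 'Tue, 01 Jan 2030 12:00:00 GMT';
$now  = strtotime($date) + 900;
print_r(triageRefreshFailure($body, $date, $now, "constructed-sample-token\n"));
```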