Google 日历 API 401 "Invalid Credentials"
Google Calendar API 401 "Invalid Credentials"
一些(但不是全部)Google 帐户在尝试访问 Google 日历时始终以 401 响应 API 尽管 tokeninfo 告诉我我正在使用的访问令牌有正确的范围(请参阅下面的 curl 输出)。我可以使用刷新令牌成功获取新的访问令牌,但日历 api 继续到 401.
有谁知道为什么会发生这种情况?
$ curl -v https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=[redacted]
* Trying 216.58.195.74...
* Connected to www.googleapis.com (216.58.195.74) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.googleapis.com
* Server certificate: Google Internet Authority G2
* Server certificate: GeoTrust Global CA
> GET /oauth2/v3/tokeninfo?access_token=[redacted] HTTP/1.1
> Host: www.googleapis.com
> User-Agent: curl/7.49.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: Mon, 01 Jan 1990 00:00:00 GMT
< Date: Tue, 18 Oct 2016 22:00:45 GMT
< Vary: X-Origin
< Content-Type: application/json; charset=UTF-8
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Server: GSE
< Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"azp": "[redacted].apps.googleusercontent.com",
"aud": "[redacted].apps.googleusercontent.com",
"sub": "[redacted]",
"scope": "https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/calendar",
"exp": "1476831626",
"expires_in": "3581",
"email": "[redacted]",
"email_verified": "true",
"access_type": "offline"
}
* Connection #0 to host www.googleapis.com left intact
$ curl -v https://www.googleapis.com/calendar/v3/users/me/calendarList?access_token=[redacted]
* Trying 216.58.195.74...
* Connected to www.googleapis.com (216.58.195.74) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.googleapis.com
* Server certificate: Google Internet Authority G2
* Server certificate: GeoTrust Global CA
> GET /calendar/v3/users/me/calendarList?access_token=[redacted] HTTP/1.1
> Host: www.googleapis.com
> User-Agent: curl/7.49.1
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Vary: X-Origin
< WWW-Authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token
< Content-Type: application/json; charset=UTF-8
< Date: Tue, 18 Oct 2016 22:01:14 GMT
< Expires: Tue, 18 Oct 2016 22:01:14 GMT
< Cache-Control: private, max-age=0
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Server: GSE
< Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
* Connection #0 to host www.googleapis.com left intact
我能够通过创建一个 google 应用程序用户来重现这种情况,该用户的 sub-organization 关闭了 Google 日历。 Google 仍将允许用户授予日历访问权限,并指示范围已被授予,但当您尝试调用任何 Google 日历 API 端点访问时,将以描述的方式返回 401令牌。
Google,在请求访问已被管理员关闭的应用时,请使您的错误消息更清晰或阻止初始范围授予!
即使启用了 Google 日历,我的客户也会遇到这种情况。
原来他们让 14 天的免费试用期到期,并且没有输入信用卡付款。一旦他们对它进行排序,错误就消失了。
一些(但不是全部)Google 帐户在尝试访问 Google 日历时始终以 401 响应 API 尽管 tokeninfo 告诉我我正在使用的访问令牌有正确的范围(请参阅下面的 curl 输出)。我可以使用刷新令牌成功获取新的访问令牌,但日历 api 继续到 401.
有谁知道为什么会发生这种情况?
$ curl -v https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=[redacted]
* Trying 216.58.195.74...
* Connected to www.googleapis.com (216.58.195.74) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.googleapis.com
* Server certificate: Google Internet Authority G2
* Server certificate: GeoTrust Global CA
> GET /oauth2/v3/tokeninfo?access_token=[redacted] HTTP/1.1
> Host: www.googleapis.com
> User-Agent: curl/7.49.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: Mon, 01 Jan 1990 00:00:00 GMT
< Date: Tue, 18 Oct 2016 22:00:45 GMT
< Vary: X-Origin
< Content-Type: application/json; charset=UTF-8
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Server: GSE
< Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"azp": "[redacted].apps.googleusercontent.com",
"aud": "[redacted].apps.googleusercontent.com",
"sub": "[redacted]",
"scope": "https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/calendar",
"exp": "1476831626",
"expires_in": "3581",
"email": "[redacted]",
"email_verified": "true",
"access_type": "offline"
}
* Connection #0 to host www.googleapis.com left intact
$ curl -v https://www.googleapis.com/calendar/v3/users/me/calendarList?access_token=[redacted]
* Trying 216.58.195.74...
* Connected to www.googleapis.com (216.58.195.74) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.googleapis.com
* Server certificate: Google Internet Authority G2
* Server certificate: GeoTrust Global CA
> GET /calendar/v3/users/me/calendarList?access_token=[redacted] HTTP/1.1
> Host: www.googleapis.com
> User-Agent: curl/7.49.1
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Vary: X-Origin
< WWW-Authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token
< Content-Type: application/json; charset=UTF-8
< Date: Tue, 18 Oct 2016 22:01:14 GMT
< Expires: Tue, 18 Oct 2016 22:01:14 GMT
< Cache-Control: private, max-age=0
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Server: GSE
< Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
* Connection #0 to host www.googleapis.com left intact
我能够通过创建一个 google 应用程序用户来重现这种情况,该用户的 sub-organization 关闭了 Google 日历。 Google 仍将允许用户授予日历访问权限,并指示范围已被授予,但当您尝试调用任何 Google 日历 API 端点访问时,将以描述的方式返回 401令牌。
Google,在请求访问已被管理员关闭的应用时,请使您的错误消息更清晰或阻止初始范围授予!
即使启用了 Google 日历,我的客户也会遇到这种情况。
原来他们让 14 天的免费试用期到期,并且没有输入信用卡付款。一旦他们对它进行排序,错误就消失了。