Google OAuth2 Java API 在 callback/redirect URI 中设置状态
Google OAuth2 Java API set state in callback/redirect URI
我想在我的重定向 URI 中设置 state 参数,如 https://developers.google.com/identity/protocols/oauth2/web-server#redirecting
中所述
https://accounts.google.com/o/oauth2/v2/auth?
scope=https%3A//www.googleapis.com/auth/drive.metadata.readonly&
access_type=offline&
include_granted_scopes=true&
response_type=code&
state=state_parameter_passthrough_value&
redirect_uri=https%3A//oauth2.example.com/code&
client_id=client_id
我的代码是根据 Google 在 https://developers.google.com/api-client-library/java/google-api-java-client/oauth2#web_server_applications
的文档
public class CalendarServletSample extends AbstractAuthorizationCodeServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws IOException {
// do stuff
}
@Override
protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
GenericUrl url = new GenericUrl(req.getRequestURL().toString());
url.setRawPath("/oauth2callback");
return url.build();
}
@Override
protected AuthorizationCodeFlow initializeFlow() throws IOException {
return new GoogleAuthorizationCodeFlow.Builder(
new NetHttpTransport(), GsonFactory.getDefaultInstance(),
"[[ENTER YOUR CLIENT ID]]", "[[ENTER YOUR CLIENT SECRET]]",
Collections.singleton(CalendarScopes.CALENDAR)).setDataStoreFactory(
DATA_STORE_FACTORY).setAccessType("offline").build();
}
@Override
protected String getUserId(HttpServletRequest req) throws ServletException, IOException {
// return user ID
}
}
如何在我的重定向 URI 中设置 state?
我试过这个:
@Override
protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
GenericUrl url = new GenericUrl(req.getRequestURL().toString());
url.setRawPath("/oauth2callback");
url.set("state", "myspecialname");
return url.build();
}
但是Google告诉我:
Authorization Error
Error 400: invalid_request
Invalid redirect_uri contains reserved response param state
此答案将覆盖 onAuthorization:
@Override
protected void onAuthorization(HttpServletRequest req, HttpServletResponse resp,
AuthorizationCodeRequestUrl authorizationUrl) throws ServletException, IOException {
authorizationUrl.setState("myspecialstate");
super.onAuthorization(req, resp, authorizationUrl);
}
我想在我的重定向 URI 中设置 state 参数,如 https://developers.google.com/identity/protocols/oauth2/web-server#redirecting
https://accounts.google.com/o/oauth2/v2/auth?
scope=https%3A//www.googleapis.com/auth/drive.metadata.readonly&
access_type=offline&
include_granted_scopes=true&
response_type=code&
state=state_parameter_passthrough_value&
redirect_uri=https%3A//oauth2.example.com/code&
client_id=client_id
我的代码是根据 Google 在 https://developers.google.com/api-client-library/java/google-api-java-client/oauth2#web_server_applications
的文档public class CalendarServletSample extends AbstractAuthorizationCodeServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws IOException {
// do stuff
}
@Override
protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
GenericUrl url = new GenericUrl(req.getRequestURL().toString());
url.setRawPath("/oauth2callback");
return url.build();
}
@Override
protected AuthorizationCodeFlow initializeFlow() throws IOException {
return new GoogleAuthorizationCodeFlow.Builder(
new NetHttpTransport(), GsonFactory.getDefaultInstance(),
"[[ENTER YOUR CLIENT ID]]", "[[ENTER YOUR CLIENT SECRET]]",
Collections.singleton(CalendarScopes.CALENDAR)).setDataStoreFactory(
DATA_STORE_FACTORY).setAccessType("offline").build();
}
@Override
protected String getUserId(HttpServletRequest req) throws ServletException, IOException {
// return user ID
}
}
如何在我的重定向 URI 中设置 state?
我试过这个:
@Override
protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
GenericUrl url = new GenericUrl(req.getRequestURL().toString());
url.setRawPath("/oauth2callback");
url.set("state", "myspecialname");
return url.build();
}
但是Google告诉我:
Authorization Error
Error 400: invalid_request
Invalid redirect_uri contains reserved response param state
此答案将覆盖 onAuthorization:
@Override
protected void onAuthorization(HttpServletRequest req, HttpServletResponse resp,
AuthorizationCodeRequestUrl authorizationUrl) throws ServletException, IOException {
authorizationUrl.setState("myspecialstate");
super.onAuthorization(req, resp, authorizationUrl);
}