Google 加上 OAuth PHP 401(未授权)
Google Plus OAuth PHP 401 (Unauthorized)
我正在尝试使用 google 和 their tutorial 设置身份验证。我逐字按照说明进行操作,更改了 signin.php 中的 client id 和 client secret。作为记录,google 加 API 在 google 开发人员控制台中启用。我也按照指示更新文件权限(chmod +x signin.php 和 chmod -R 555 vendor/)。但是,在加载我的身份验证 URL(恰好位于我域的 auth_test/ 子目录中,并单击登录按钮后,控制台会为 [=19] 抛出一个 401 (unauthorized) =] 请求已发送 /activites. 我研究了这个问题,发现这可能是由无效令牌引起的,但我不明白这是怎么回事,因为一切都已在 singin.php. 中设置 非常感谢...
如果断开连接以刷新 $tocken,您需要重置应用的状态。
Google API office Docs on Handling API Errors
401: Invalid Credentials
Invalid authorization header. The access token you're using is either
expired or invalid.
{ "error": {
> "errors": [
> {
> "domain": "global",
> "reason": "authError",
> "message": "Invalid Credentials",
> "locationType": "header",
> "location": "Authorization",
> }
> ],
> "code": 401,
> "message": "Invalid Credentials" } }
Suggested action: Refresh the access token using the long-lived
refresh token. If this fails, direct the user through the OAuth flow,
as described in Authorizing Your App
此外,它在第 25 行的 singin.php 中有明确的注释。 98 :
// Normally the state would be a one-time use token, however in our
// simple case, we want a user to be able to connect and disconnect
// without reloading the page. Thus, for demonstration, we don't
// implement this best practice.
//$app['session']->set('state', '');
因此,在您的情况下,您的应用似乎已断开连接,从而导致 $token 变为空。因此在第 91
行强制执行此代码块
if (empty($token)) {
// Ensure that this is no request forgery going on, and that the user
// sending us this connect request is the user that was supposed to.
if ($request->get('state') != ($app['session']->get('state'))) {
return new Response('Invalid state parameter', 401);
}
我正在尝试使用 google 和 their tutorial 设置身份验证。我逐字按照说明进行操作,更改了 signin.php 中的 client id 和 client secret。作为记录,google 加 API 在 google 开发人员控制台中启用。我也按照指示更新文件权限(chmod +x signin.php 和 chmod -R 555 vendor/)。但是,在加载我的身份验证 URL(恰好位于我域的 auth_test/ 子目录中,并单击登录按钮后,控制台会为 [=19] 抛出一个 401 (unauthorized) =] 请求已发送 /activites. 我研究了这个问题,发现这可能是由无效令牌引起的,但我不明白这是怎么回事,因为一切都已在 singin.php. 中设置 非常感谢...
如果断开连接以刷新 $tocken,您需要重置应用的状态。
Google API office Docs on Handling API Errors
401: Invalid CredentialsInvalid authorization header. The access token you're using is either expired or invalid.
{ "error": {
> "errors": [
> {
> "domain": "global",
> "reason": "authError",
> "message": "Invalid Credentials",
> "locationType": "header",
> "location": "Authorization",
> }
> ],
> "code": 401,
> "message": "Invalid Credentials" } }
Suggested action: Refresh the access token using the long-lived refresh token. If this fails, direct the user through the OAuth flow, as described in Authorizing Your App
此外,它在第 25 行的 singin.php 中有明确的注释。 98 :
// Normally the state would be a one-time use token, however in our // simple case, we want a user to be able to connect and disconnect // without reloading the page. Thus, for demonstration, we don't // implement this best practice. //$app['session']->set('state', '');
因此,在您的情况下,您的应用似乎已断开连接,从而导致 $token 变为空。因此在第 91
if (empty($token)) {
// Ensure that this is no request forgery going on, and that the user
// sending us this connect request is the user that was supposed to.
if ($request->get('state') != ($app['session']->get('state'))) {
return new Response('Invalid state parameter', 401);
}