Google Javascript API 401 融合凭证无效 Table
Google Javascript API 401 Invalid Credentials with Fusion Table
401 无效响应:从 Google 搜索响应来看,这似乎是一个相当普遍的问题,但不幸的是 none 帮助我完全解决了我的问题。
我有一个网页需要基于 Google 的登录,然后是来自融合 table 的 selects 数据。在登录过程中,我检查用户是否具有对融合 table 的适当访问权限,因此我知道登录有效并且他们是允许编辑 table(共享给特定人们)。我还检查收到的令牌是否有效。因此,对于每次成功登录,我都知道他们有权访问 table(已与他们共享)和有效令牌(他们已登录)。
因为这是一个 JavaScript 应用程序,所以没有刷新令牌,只有访问令牌(在线访问)。提示确实说离线访问,但我认为这只是 Google 默认设置。 我没有设置 APIKey,这解决了另一个 401 错误,一些用户(不幸的是不是同一个人)遇到了(来自 this stack overflow question)。该请求在 Google Oauth 开发人员控制台中运行良好。
大多数用户可以很好地访问它,但是对于 一些 用户,当他们 运行 从融合 table 查询 select 数据时发送 GET 请求时,他们总是会收到 401 错误(在控制台中显示为 401 (Unathorized),在返回的错误中显示为 401: Invalid Credentials)。然而,我无法在我的机器上重现该问题,并且不知道为什么会发生以及我接下来可以做什么。
很难远程连接到用户机器,我无法在其上安装 Fiddler 等软件来查看 headers,因此控制台记录。
我附上了请求失败的用户控制台图像。 GET 请求在我的机器上看起来 完全 相同(它工作正常)。可以看到Token有效,他们已经登录等等
这是相关代码的精简版(删除了敏感信息),其中包含额外的调试代码,如 checkAuth、validateToken 和 handleAuthResult2:
var clientId = 'my_client_id.apps.googleusercontent.com';
var ftTableID = 'fusiontableidstring';
var scopes = 'https://www.googleapis.com/auth/fusiontables https://www.googleapis.com/auth/drive.metadata.readonly https://www.googleapis.com/auth/userinfo.email';
var accessToken;
var email;
var name;
var params = {
'clientid': clientId,
'cookiepolicy': 'single_host_origin',
'scope': scopes,
'approvalprompt': 'force',
'include_granted_scopes': true,
'callback': handleAuthResult
};
gapi.auth.signIn(params);
//debug code
function validateToken() {
$.ajax({
url: 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=' + accessToken,
data: null,
success: function(response){
console.log(response)
if (response.audience == clientId) {
console.log('Our token is valid....');
} else {
console.log(response.audience + ' not equal to ' + clientId);
}
},
error: function(error) {
console.log(error)
console.log('Our token is not valid....');
},
dataType: "jsonp"
});
}
function checkAuth() {
console.log("checking authorization");
gapi.auth.authorize(
{'client_id': clientId, 'scope': scopes, 'immediate': true},
handleAuthResult2);
}
function handleAuthResult2(authResult) {
if (authResult) { //result
console.log(authResult.status);
console.log(authResult);
if (authResult.error) {
reset();
gapi.auth.authorize(
{'client_id': clientId, 'scope': scopes, 'immediate': false},
handleAuthResult);
} else {
}
}
}
//end debug code
// Handle the results of the OAuth 2.0 flow.
function handleAuthResult(authResult) {
if (authResult) { //result
if (authResult.error) {
console.log(authResult.error);
reset();
} else {
//successfully signed in, requests can be sent (will automatically contain access token)
accessToken = authResult.access_token;
validateToken(); //debug only
//check who the user is
gapi.client.load('plus','v1').then(function() {
gapi.client.plus.people.get({
'userId': 'me'
}).then(function(res) {
var profile = res.result;
email = profile.emails[0].value;
name = profile.displayName;
document.getElementById("signinconfirmation").innerHTML = "You are signed in as " + email + "(" + name + ")" ;
//check permissions
}).then(function() {
gapi.client.load('drive', 'v2').then(function() {
gapi.client.drive.permissions.getIdForEmail({
'email': email,
}).then(function(resp) {
var userid = resp.result.id;
gapi.client.drive.permissions.get({
'fileId': ftTableID,
'permissionId': userid
}).then(function(resp2) {
if(resp2.status == 200) {
document.getElementById("signinconfirmation").innerHTML = "You are signed in as " + email + "(" + name + ") with correct permissions." ;
} else {
document.getElementById("signinconfirmation").innerHTML = name + " at " + email + " does not have the appropriate permissions to edit this table.";
}
},
function(reason) { //drive permissions failed
document.getElementById("signinconfirmation").innerHTML = name + " at " + email + " does not have the appropriate permissions to edit this table.";
});
});
});
});
});
}
}
}
// build the request to SELECT data from Fusion Table.
function selectData() {
var sqlValue = document.getElementById("searchvalue").value;
var matchCondition = "CONTAINS";
if (sqlValue.length == 0) {
alert('No value entered!')
} else {
//escape single quotes in sqlValue
sqlValue = sqlValue.replace(/'/g, "\'");
var sql = "SELECT ROWID, COUNTRY FROM " + ftTableID + " WHERE COUNTRY " + matchCondition + " '" + sqlValue + "' ORDER BY ADMINNAME";
query(sql, 'select-data-output');
};
}
// Send SQL query to Fusion Tables.
function query(query, element) {
var lowerCaseQuery = query.toLowerCase();
var path = '/fusiontables/v2/query';
var callback = function(element) {
//handle response depending on output element
return function(resp) {
if (resp.rows) {
createTable(resp, element);
} else {
//no rows returned
if (resp.error) {
var tableID = element;
clearTable(tableID);
var tableDiv = document.getElementById(tableParentDiv);
var tableElement = document.createElement('table');
tableElement.id = tableID;
if (resp.error.code) {
var errorText = "Error code: " + resp.error.code;
errorText += '\n' + resp.error.message;
tableElement.innerHTML = errorText;
} else {
tableElement.innerHTML = "An unknown error occurred " + resp.error;
}
tableDiv.appendChild(tableElement);
if (resp.error.code == 401) {
checkAuth(); //debug only
}
} else {
alert("No results for that search. Check spelling and select from options.");
clearTable(element);
}
}
};
}
if (lowerCaseQuery.indexOf('select') != 0 &&
lowerCaseQuery.indexOf('show') != 0 &&
lowerCaseQuery.indexOf('describe') != 0) {
// is update query
var body = 'sql=' + encodeURIComponent(query);
runClientRequest({
path: path,
body: body,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'Content-Length': body.length
},
method: 'POST'
}, callback(element));
} else {
runClientRequest({
path: path,
params: { 'sql': query }
}, callback(element));
}
}
// Execute the client request.
function runClientRequest(request, callback) {
var restRequest = gapi.client.request(request);
console.log("the restRequest is: " + JSON.stringify(restRequest));
restRequest.execute(callback);
}
对于后代:问题不是 OAuth 过程,而是用户没有正确的 google 应用程序域权限集的问题。当组织为用户子域打开融合 table 服务时,错误消失了。
401 无效响应:从 Google 搜索响应来看,这似乎是一个相当普遍的问题,但不幸的是 none 帮助我完全解决了我的问题。
我有一个网页需要基于 Google 的登录,然后是来自融合 table 的 selects 数据。在登录过程中,我检查用户是否具有对融合 table 的适当访问权限,因此我知道登录有效并且他们是允许编辑 table(共享给特定人们)。我还检查收到的令牌是否有效。因此,对于每次成功登录,我都知道他们有权访问 table(已与他们共享)和有效令牌(他们已登录)。
因为这是一个 JavaScript 应用程序,所以没有刷新令牌,只有访问令牌(在线访问)。提示确实说离线访问,但我认为这只是 Google 默认设置。 我没有设置 APIKey,这解决了另一个 401 错误,一些用户(不幸的是不是同一个人)遇到了(来自 this stack overflow question)。该请求在 Google Oauth 开发人员控制台中运行良好。
大多数用户可以很好地访问它,但是对于 一些 用户,当他们 运行 从融合 table 查询 select 数据时发送 GET 请求时,他们总是会收到 401 错误(在控制台中显示为 401 (Unathorized),在返回的错误中显示为 401: Invalid Credentials)。然而,我无法在我的机器上重现该问题,并且不知道为什么会发生以及我接下来可以做什么。
很难远程连接到用户机器,我无法在其上安装 Fiddler 等软件来查看 headers,因此控制台记录。
我附上了请求失败的用户控制台图像。 GET 请求在我的机器上看起来 完全 相同(它工作正常)。可以看到Token有效,他们已经登录等等
这是相关代码的精简版(删除了敏感信息),其中包含额外的调试代码,如 checkAuth、validateToken 和 handleAuthResult2:
var clientId = 'my_client_id.apps.googleusercontent.com';
var ftTableID = 'fusiontableidstring';
var scopes = 'https://www.googleapis.com/auth/fusiontables https://www.googleapis.com/auth/drive.metadata.readonly https://www.googleapis.com/auth/userinfo.email';
var accessToken;
var email;
var name;
var params = {
'clientid': clientId,
'cookiepolicy': 'single_host_origin',
'scope': scopes,
'approvalprompt': 'force',
'include_granted_scopes': true,
'callback': handleAuthResult
};
gapi.auth.signIn(params);
//debug code
function validateToken() {
$.ajax({
url: 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=' + accessToken,
data: null,
success: function(response){
console.log(response)
if (response.audience == clientId) {
console.log('Our token is valid....');
} else {
console.log(response.audience + ' not equal to ' + clientId);
}
},
error: function(error) {
console.log(error)
console.log('Our token is not valid....');
},
dataType: "jsonp"
});
}
function checkAuth() {
console.log("checking authorization");
gapi.auth.authorize(
{'client_id': clientId, 'scope': scopes, 'immediate': true},
handleAuthResult2);
}
function handleAuthResult2(authResult) {
if (authResult) { //result
console.log(authResult.status);
console.log(authResult);
if (authResult.error) {
reset();
gapi.auth.authorize(
{'client_id': clientId, 'scope': scopes, 'immediate': false},
handleAuthResult);
} else {
}
}
}
//end debug code
// Handle the results of the OAuth 2.0 flow.
function handleAuthResult(authResult) {
if (authResult) { //result
if (authResult.error) {
console.log(authResult.error);
reset();
} else {
//successfully signed in, requests can be sent (will automatically contain access token)
accessToken = authResult.access_token;
validateToken(); //debug only
//check who the user is
gapi.client.load('plus','v1').then(function() {
gapi.client.plus.people.get({
'userId': 'me'
}).then(function(res) {
var profile = res.result;
email = profile.emails[0].value;
name = profile.displayName;
document.getElementById("signinconfirmation").innerHTML = "You are signed in as " + email + "(" + name + ")" ;
//check permissions
}).then(function() {
gapi.client.load('drive', 'v2').then(function() {
gapi.client.drive.permissions.getIdForEmail({
'email': email,
}).then(function(resp) {
var userid = resp.result.id;
gapi.client.drive.permissions.get({
'fileId': ftTableID,
'permissionId': userid
}).then(function(resp2) {
if(resp2.status == 200) {
document.getElementById("signinconfirmation").innerHTML = "You are signed in as " + email + "(" + name + ") with correct permissions." ;
} else {
document.getElementById("signinconfirmation").innerHTML = name + " at " + email + " does not have the appropriate permissions to edit this table.";
}
},
function(reason) { //drive permissions failed
document.getElementById("signinconfirmation").innerHTML = name + " at " + email + " does not have the appropriate permissions to edit this table.";
});
});
});
});
});
}
}
}
// build the request to SELECT data from Fusion Table.
function selectData() {
var sqlValue = document.getElementById("searchvalue").value;
var matchCondition = "CONTAINS";
if (sqlValue.length == 0) {
alert('No value entered!')
} else {
//escape single quotes in sqlValue
sqlValue = sqlValue.replace(/'/g, "\'");
var sql = "SELECT ROWID, COUNTRY FROM " + ftTableID + " WHERE COUNTRY " + matchCondition + " '" + sqlValue + "' ORDER BY ADMINNAME";
query(sql, 'select-data-output');
};
}
// Send SQL query to Fusion Tables.
function query(query, element) {
var lowerCaseQuery = query.toLowerCase();
var path = '/fusiontables/v2/query';
var callback = function(element) {
//handle response depending on output element
return function(resp) {
if (resp.rows) {
createTable(resp, element);
} else {
//no rows returned
if (resp.error) {
var tableID = element;
clearTable(tableID);
var tableDiv = document.getElementById(tableParentDiv);
var tableElement = document.createElement('table');
tableElement.id = tableID;
if (resp.error.code) {
var errorText = "Error code: " + resp.error.code;
errorText += '\n' + resp.error.message;
tableElement.innerHTML = errorText;
} else {
tableElement.innerHTML = "An unknown error occurred " + resp.error;
}
tableDiv.appendChild(tableElement);
if (resp.error.code == 401) {
checkAuth(); //debug only
}
} else {
alert("No results for that search. Check spelling and select from options.");
clearTable(element);
}
}
};
}
if (lowerCaseQuery.indexOf('select') != 0 &&
lowerCaseQuery.indexOf('show') != 0 &&
lowerCaseQuery.indexOf('describe') != 0) {
// is update query
var body = 'sql=' + encodeURIComponent(query);
runClientRequest({
path: path,
body: body,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'Content-Length': body.length
},
method: 'POST'
}, callback(element));
} else {
runClientRequest({
path: path,
params: { 'sql': query }
}, callback(element));
}
}
// Execute the client request.
function runClientRequest(request, callback) {
var restRequest = gapi.client.request(request);
console.log("the restRequest is: " + JSON.stringify(restRequest));
restRequest.execute(callback);
}
对于后代:问题不是 OAuth 过程,而是用户没有正确的 google 应用程序域权限集的问题。当组织为用户子域打开融合 table 服务时,错误消失了。