Google 日历事件观看 401 未经授权
Google Calendar Events Watch 401 Unauthorized
我在使用 Google 日历 Events: watch API. I've setup the client ID and client secret and am able to get access and refresh tokens from a user. Also the domain is verified in the Google API console 时遇到问题。如下所示,我可以使用 API 插入一个新事件。但是,调用 Events Watch 失败并显示 401 Unauthorized 消息。下面我包含了 HTTP 日志。
我正在使用 java libraries provided by Google
有人知道我为什么收到 401 未经授权的响应吗?
创建新活动
CONFIG - Total: 382 bytes
CONFIG - {"attendees":[{"additionalGuests":0,"displayName":"SomeName","email":"somename@somedomain.tld","optional":false}],"description":"some description","end":{"dateTime":"2018-05-04T20:00:00.000+02:00"},"extendedProperties":{"private":{"someextprop":"someextvalue"}},"start":{"dateTime":"2018-05-04T19:00:00.000+02:00"},"summary":"Some summary"}
(1/8) CONFIG - -------------- REQUEST --------------
(2/8) POST https://www.googleapis.com/calendar/v3/calendars/primary/events?sendNotifications=true
(3/8) Accept-Encoding: gzip
(4/8) Authorization: Bearer [TOKEN]
(5/8) User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)
(6/8) Content-Type: application/json; charset=UTF-8
(7/8) Content-Encoding: gzip
(8/8) Content-Length: 269
CONFIG - curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'Authorization: Bearer [TOKEN]' -H 'User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)' -H 'Content-Type: application/json; charset=UTF-8' -H 'Content-Encoding: gzip' -d '@-' -- 'https://www.googleapis.com/calendar/v3/calendars/primary/events?sendNotifications=true' << $$$
CONFIG - Total: 382 bytes
CONFIG - {"attendees":[{"additionalGuests":0,"displayName":"SomeName","email":"somename@somedomain.tld","optional":false}],"description":"some description","end":{"dateTime":"2018-05-04T20:00:00.000+02:00"},"extendedProperties":{"private":{"someextprop":"someextvalue"}},"start":{"dateTime":"2018-05-04T19:00:00.000+02:00"},"summary":"Some summary"}
(1/17) CONFIG - -------------- RESPONSE --------------
(2/17) HTTP/1.1 200 OK
(3/17) Transfer-Encoding: chunked
(4/17) Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
(5/17) Server: GSE
(6/17) X-Content-Type-Options: nosniff
(7/17) Pragma: no-cache
(8/17) Date: Fri, 04 May 2018 16:24:06 GMT
(9/17) X-Frame-Options: SAMEORIGIN
(10/17) Cache-Control: no-cache, no-store, max-age=0, must-revalidate
(11/17) ETag: "3050902092840000"
(12/17) Content-Encoding: gzip
(13/17) Vary: X-Origin
(14/17) Vary: Origin
(15/17) Expires: Mon, 01 Jan 1990 00:00:00 GMT
(16/17) X-XSS-Protection: 1; mode=block
(17/17) Content-Type: application/json; charset=UTF-8
CONFIG - Total: 1.070 bytes
(1/44) CONFIG - {[GOOGLE EVENT JSON, REMOVED FOR BREVITY]}
创建事件按预期进行,因此我们知道使用的访问令牌是有效的。
现在我们试着看日历。
CONFIG - Total: 140 bytes
CONFIG - {"address":"https://mysubdomain.mydomain.com/calendar-notification","id":"8bc11345-802b-4f18-bb3b-4e5c0abc53e2","type":"web_hook"}
(1/8) CONFIG - -------------- REQUEST --------------
(2/8) POST https://www.googleapis.com/calendar/v3/calendars/primary/events/watch
(3/8) Accept-Encoding: gzip
(4/8) Authorization: Bearer [TOKEN]
(5/8) User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)
(6/8) Content-Type: application/json; charset=UTF-8
(7/8) Content-Encoding: gzip
(8/8) Content-Length: 137
CONFIG - curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'Authorization: Bearer [TOKEN]' -H 'User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)' -H 'Content-Type: application/json; charset=UTF-8' -H 'Content-Encoding: gzip' -d '@-' -- 'https://www.googleapis.com/calendar/v3/calendars/primary/events/watch' << $$$
CONFIG - Total: 140 bytes
CONFIG - {"address":"https://mysubdomain.mydomain.com/calendar-notification","id":"8bc11345-802b-4f18-bb3b-4e5c0abc53e2","type":"web_hook"}
(1/16) CONFIG - -------------- RESPONSE --------------
(2/16) HTTP/1.1 401 Unauthorized
(3/16) Transfer-Encoding: chunked
(4/16) Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
(5/16) Server: GSE
(6/16) X-Content-Type-Options: nosniff
(7/16) WWW-Authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token
(8/16) Date: Fri, 04 May 2018 16:24:06 GMT
(9/16) X-Frame-Options: SAMEORIGIN
(10/16) Cache-Control: private, max-age=0
(11/16) Content-Encoding: gzip
(12/16) Vary: X-Origin
(13/16) Vary: Origin
(14/16) Expires: Fri, 04 May 2018 16:24:06 GMT
(15/16) X-XSS-Protection: 1; mode=block
(16/16) Content-Type: application/json; charset=UTF-8
由于 HTTP/1.1 401 未经授权的响应,访问令牌现已刷新。
(1/6) CONFIG - -------------- REQUEST --------------
(2/6) POST https://accounts.google.com/o/oauth2/token
(3/6) Accept-Encoding: gzip
(4/6) User-Agent: Google-HTTP-Java-Client/1.23.0 (gzip)
(5/6) Content-Type: application/x-www-form-urlencoded; charset=UTF-8
(6/6) Content-Length: 229
CONFIG - curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'User-Agent: Google-HTTP-Java-Client/1.23.0 (gzip)' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -d '@-' -- 'https://accounts.google.com/o/oauth2/token' << $$$
CONFIG - Total: 229 bytes
CONFIG - grant_type=refresh_token&refresh_token=[REFRESHTOKEN]client_secret=[CLIENTSECRET]
(1/15) CONFIG - -------------- RESPONSE --------------
(2/15) HTTP/1.1 200 OK
(3/15) Transfer-Encoding: chunked
(4/15) Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
(5/15) Server: ESF
(6/15) X-Content-Type-Options: nosniff
(7/15) Pragma: no-cache
(8/15) Date: Fri, 04 May 2018 16:24:06 GMT
(9/15) X-Frame-Options: SAMEORIGIN
(10/15) Cache-Control: no-cache, no-store, max-age=0, must-revalidate
(11/15) Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
(12/15) Content-Encoding: gzip
(13/15) Expires: Mon, 01 Jan 1990 00:00:00 GMT
(14/15) X-XSS-Protection: 1; mode=block
(15/15) Content-Type: application/json; charset=utf-8
CONFIG - Total: 206 bytes
(1/5) CONFIG - {
(2/5) "access_token" : "[TOKEN]",
(3/5) "expires_in" : 3600,
(4/5) "token_type" : "Bearer"
(5/5) }
返回与之前相同的令牌。图书馆自动又开始看日历了。
CONFIG - Total: 140 bytes
CONFIG - {"address":"https://mysubdomain.mydomain.com/calendar-notification","id":"8bc11345-802b-4f18-bb3b-4e5c0abc53e2","type":"web_hook"}
(1/8) CONFIG - -------------- REQUEST --------------
(2/8) POST https://www.googleapis.com/calendar/v3/calendars/primary/events/watch
(3/8) Accept-Encoding: gzip
(4/8) Authorization: Bearer [TOKEN]
(5/8) User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)
(6/8) Content-Type: application/json; charset=UTF-8
(7/8) Content-Encoding: gzip
(8/8) Content-Length: 137
CONFIG - curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'Authorization: Bearer [TOKEN]' -H 'User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)' -H 'Content-Type: application/json; charset=UTF-8' -H 'Content-Encoding: gzip' -d '@-' -- 'https://www.googleapis.com/calendar/v3/calendars/primary/events/watch' << $$$
CONFIG - Total: 140 bytes
CONFIG - {"address":"https://mysubdomain.mydomain.com/calendar-notification","id":"8bc11345-802b-4f18-bb3b-4e5c0abc53e2","type":"web_hook"}
(1/16) CONFIG - -------------- RESPONSE --------------
(2/16) HTTP/1.1 401 Unauthorized
(3/16) Transfer-Encoding: chunked
(4/16) Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
(5/16) Server: GSE
(6/16) X-Content-Type-Options: nosniff
(7/16) WWW-Authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token
(8/16) Date: Fri, 04 May 2018 16:24:06 GMT
(9/16) X-Frame-Options: SAMEORIGIN
(10/16) Cache-Control: private, max-age=0
(11/16) Content-Encoding: gzip
(12/16) Vary: X-Origin
(13/16) Vary: Origin
(14/16) Expires: Fri, 04 May 2018 16:24:06 GMT
(15/16) X-XSS-Protection: 1; mode=block
(16/16) Content-Type: application/json; charset=UTF-8
由于同样的原因,此尝试失败,访问令牌再次刷新,依此类推。几次尝试后,图书馆终于停止尝试。
我查看了以下问题,但认为它们描述的情况不同:
https
- Receiving (401) Unauthorized with google calendar API
- Using Google Calendar API returns 401 (unauthorized)
- Google calendar push notification : Unauthorized webhook call
- Why am I getting a (401) Unauthorized Error in Google Calendar API
- 401 (Unauthorized) Error with DotNetOpenAuth and Google Calendar
- Ruby Google Calendar Integration Watch Event / Push Notification
所以我们终于找到了解决方案。域验证出错。所以做配置的一方用了https://mysubdomain.mydomain.com/somepath/ in the Domain verification instead of just https://mysubdomain.mydomain.com/.
我有 seen 条错误消息,如下所示。这清楚地表明用于回调的 url/domain 存在错误。收到这样的消息而不是空的 401 响应会很有帮助。
{
"error": {
"errors": [
{
"domain": "global",
"reason": "push.webhookUrlUnauthorized",
"message": "Unauthorized WebHook callback channel: XXX"
}
],
"code": 401,
"message": "Unauthorized WebHook callback channel: XXX"
}
}
我在使用 Google 日历 Events: watch API. I've setup the client ID and client secret and am able to get access and refresh tokens from a user. Also the domain is verified in the Google API console 时遇到问题。如下所示,我可以使用 API 插入一个新事件。但是,调用 Events Watch 失败并显示 401 Unauthorized 消息。下面我包含了 HTTP 日志。
我正在使用 java libraries provided by Google
有人知道我为什么收到 401 未经授权的响应吗?
创建新活动
CONFIG - Total: 382 bytes
CONFIG - {"attendees":[{"additionalGuests":0,"displayName":"SomeName","email":"somename@somedomain.tld","optional":false}],"description":"some description","end":{"dateTime":"2018-05-04T20:00:00.000+02:00"},"extendedProperties":{"private":{"someextprop":"someextvalue"}},"start":{"dateTime":"2018-05-04T19:00:00.000+02:00"},"summary":"Some summary"}
(1/8) CONFIG - -------------- REQUEST --------------
(2/8) POST https://www.googleapis.com/calendar/v3/calendars/primary/events?sendNotifications=true
(3/8) Accept-Encoding: gzip
(4/8) Authorization: Bearer [TOKEN]
(5/8) User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)
(6/8) Content-Type: application/json; charset=UTF-8
(7/8) Content-Encoding: gzip
(8/8) Content-Length: 269
CONFIG - curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'Authorization: Bearer [TOKEN]' -H 'User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)' -H 'Content-Type: application/json; charset=UTF-8' -H 'Content-Encoding: gzip' -d '@-' -- 'https://www.googleapis.com/calendar/v3/calendars/primary/events?sendNotifications=true' << $$$
CONFIG - Total: 382 bytes
CONFIG - {"attendees":[{"additionalGuests":0,"displayName":"SomeName","email":"somename@somedomain.tld","optional":false}],"description":"some description","end":{"dateTime":"2018-05-04T20:00:00.000+02:00"},"extendedProperties":{"private":{"someextprop":"someextvalue"}},"start":{"dateTime":"2018-05-04T19:00:00.000+02:00"},"summary":"Some summary"}
(1/17) CONFIG - -------------- RESPONSE --------------
(2/17) HTTP/1.1 200 OK
(3/17) Transfer-Encoding: chunked
(4/17) Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
(5/17) Server: GSE
(6/17) X-Content-Type-Options: nosniff
(7/17) Pragma: no-cache
(8/17) Date: Fri, 04 May 2018 16:24:06 GMT
(9/17) X-Frame-Options: SAMEORIGIN
(10/17) Cache-Control: no-cache, no-store, max-age=0, must-revalidate
(11/17) ETag: "3050902092840000"
(12/17) Content-Encoding: gzip
(13/17) Vary: X-Origin
(14/17) Vary: Origin
(15/17) Expires: Mon, 01 Jan 1990 00:00:00 GMT
(16/17) X-XSS-Protection: 1; mode=block
(17/17) Content-Type: application/json; charset=UTF-8
CONFIG - Total: 1.070 bytes
(1/44) CONFIG - {[GOOGLE EVENT JSON, REMOVED FOR BREVITY]}
创建事件按预期进行,因此我们知道使用的访问令牌是有效的。
现在我们试着看日历。
CONFIG - Total: 140 bytes
CONFIG - {"address":"https://mysubdomain.mydomain.com/calendar-notification","id":"8bc11345-802b-4f18-bb3b-4e5c0abc53e2","type":"web_hook"}
(1/8) CONFIG - -------------- REQUEST --------------
(2/8) POST https://www.googleapis.com/calendar/v3/calendars/primary/events/watch
(3/8) Accept-Encoding: gzip
(4/8) Authorization: Bearer [TOKEN]
(5/8) User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)
(6/8) Content-Type: application/json; charset=UTF-8
(7/8) Content-Encoding: gzip
(8/8) Content-Length: 137
CONFIG - curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'Authorization: Bearer [TOKEN]' -H 'User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)' -H 'Content-Type: application/json; charset=UTF-8' -H 'Content-Encoding: gzip' -d '@-' -- 'https://www.googleapis.com/calendar/v3/calendars/primary/events/watch' << $$$
CONFIG - Total: 140 bytes
CONFIG - {"address":"https://mysubdomain.mydomain.com/calendar-notification","id":"8bc11345-802b-4f18-bb3b-4e5c0abc53e2","type":"web_hook"}
(1/16) CONFIG - -------------- RESPONSE --------------
(2/16) HTTP/1.1 401 Unauthorized
(3/16) Transfer-Encoding: chunked
(4/16) Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
(5/16) Server: GSE
(6/16) X-Content-Type-Options: nosniff
(7/16) WWW-Authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token
(8/16) Date: Fri, 04 May 2018 16:24:06 GMT
(9/16) X-Frame-Options: SAMEORIGIN
(10/16) Cache-Control: private, max-age=0
(11/16) Content-Encoding: gzip
(12/16) Vary: X-Origin
(13/16) Vary: Origin
(14/16) Expires: Fri, 04 May 2018 16:24:06 GMT
(15/16) X-XSS-Protection: 1; mode=block
(16/16) Content-Type: application/json; charset=UTF-8
由于 HTTP/1.1 401 未经授权的响应,访问令牌现已刷新。
(1/6) CONFIG - -------------- REQUEST --------------
(2/6) POST https://accounts.google.com/o/oauth2/token
(3/6) Accept-Encoding: gzip
(4/6) User-Agent: Google-HTTP-Java-Client/1.23.0 (gzip)
(5/6) Content-Type: application/x-www-form-urlencoded; charset=UTF-8
(6/6) Content-Length: 229
CONFIG - curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'User-Agent: Google-HTTP-Java-Client/1.23.0 (gzip)' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -d '@-' -- 'https://accounts.google.com/o/oauth2/token' << $$$
CONFIG - Total: 229 bytes
CONFIG - grant_type=refresh_token&refresh_token=[REFRESHTOKEN]client_secret=[CLIENTSECRET]
(1/15) CONFIG - -------------- RESPONSE --------------
(2/15) HTTP/1.1 200 OK
(3/15) Transfer-Encoding: chunked
(4/15) Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
(5/15) Server: ESF
(6/15) X-Content-Type-Options: nosniff
(7/15) Pragma: no-cache
(8/15) Date: Fri, 04 May 2018 16:24:06 GMT
(9/15) X-Frame-Options: SAMEORIGIN
(10/15) Cache-Control: no-cache, no-store, max-age=0, must-revalidate
(11/15) Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
(12/15) Content-Encoding: gzip
(13/15) Expires: Mon, 01 Jan 1990 00:00:00 GMT
(14/15) X-XSS-Protection: 1; mode=block
(15/15) Content-Type: application/json; charset=utf-8
CONFIG - Total: 206 bytes
(1/5) CONFIG - {
(2/5) "access_token" : "[TOKEN]",
(3/5) "expires_in" : 3600,
(4/5) "token_type" : "Bearer"
(5/5) }
返回与之前相同的令牌。图书馆自动又开始看日历了。
CONFIG - Total: 140 bytes
CONFIG - {"address":"https://mysubdomain.mydomain.com/calendar-notification","id":"8bc11345-802b-4f18-bb3b-4e5c0abc53e2","type":"web_hook"}
(1/8) CONFIG - -------------- REQUEST --------------
(2/8) POST https://www.googleapis.com/calendar/v3/calendars/primary/events/watch
(3/8) Accept-Encoding: gzip
(4/8) Authorization: Bearer [TOKEN]
(5/8) User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)
(6/8) Content-Type: application/json; charset=UTF-8
(7/8) Content-Encoding: gzip
(8/8) Content-Length: 137
CONFIG - curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'Authorization: Bearer [TOKEN]' -H 'User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)' -H 'Content-Type: application/json; charset=UTF-8' -H 'Content-Encoding: gzip' -d '@-' -- 'https://www.googleapis.com/calendar/v3/calendars/primary/events/watch' << $$$
CONFIG - Total: 140 bytes
CONFIG - {"address":"https://mysubdomain.mydomain.com/calendar-notification","id":"8bc11345-802b-4f18-bb3b-4e5c0abc53e2","type":"web_hook"}
(1/16) CONFIG - -------------- RESPONSE --------------
(2/16) HTTP/1.1 401 Unauthorized
(3/16) Transfer-Encoding: chunked
(4/16) Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
(5/16) Server: GSE
(6/16) X-Content-Type-Options: nosniff
(7/16) WWW-Authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token
(8/16) Date: Fri, 04 May 2018 16:24:06 GMT
(9/16) X-Frame-Options: SAMEORIGIN
(10/16) Cache-Control: private, max-age=0
(11/16) Content-Encoding: gzip
(12/16) Vary: X-Origin
(13/16) Vary: Origin
(14/16) Expires: Fri, 04 May 2018 16:24:06 GMT
(15/16) X-XSS-Protection: 1; mode=block
(16/16) Content-Type: application/json; charset=UTF-8
由于同样的原因,此尝试失败,访问令牌再次刷新,依此类推。几次尝试后,图书馆终于停止尝试。
我查看了以下问题,但认为它们描述的情况不同: https
- Receiving (401) Unauthorized with google calendar API
- Using Google Calendar API returns 401 (unauthorized)
- Google calendar push notification : Unauthorized webhook call
- Why am I getting a (401) Unauthorized Error in Google Calendar API
- 401 (Unauthorized) Error with DotNetOpenAuth and Google Calendar
- Ruby Google Calendar Integration Watch Event / Push Notification
所以我们终于找到了解决方案。域验证出错。所以做配置的一方用了https://mysubdomain.mydomain.com/somepath/ in the Domain verification instead of just https://mysubdomain.mydomain.com/.
我有 seen 条错误消息,如下所示。这清楚地表明用于回调的 url/domain 存在错误。收到这样的消息而不是空的 401 响应会很有帮助。
{
"error": {
"errors": [
{
"domain": "global",
"reason": "push.webhookUrlUnauthorized",
"message": "Unauthorized WebHook callback channel: XXX"
}
],
"code": 401,
"message": "Unauthorized WebHook callback channel: XXX"
}
}