帐户链接成功但访问令牌显示无效 - Google OAuth
Account links successfully but access token shows invalid - Google OAuth
我一直在尝试使用隐式流程为我的 Dialogflow 帐户链接实施 Google OAuth 服务(使用此 documentation)
我已经根据该文档开发了代码。当用户链接他的帐户并显示 "you've successfully, linked your account with chatbot" 时,它工作正常。
但是当我尝试使用我在该文档的步骤 3 中生成的访问令牌时,它说访问令牌无效。看起来它没有注册 Google 服务!
这是我用来实现它的代码
import os
import flask
from flask import request, redirect
import string
import random
from random import choice, randint
import google_auth_oauthlib.flow
from AES import AESCipher
import json
CLIENT_SECRETS_FILE = "client_secret.json"
SCOPES = ['https://www.googleapis.com/auth/userinfo.profile', 'https://www.googleapis.com/auth/userinfo.email']
app = flask.Flask(__name__)
app.secret_key = 'SECRET_KEY'
#
# Actions on google call this function with client_id, redirect_uri, state, and response_type
#
@app.route('/auth')
def authorize():
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
CLIENT_SECRETS_FILE, scopes=SCOPES)
flow.redirect_uri = flask.url_for('oauth2callback', _external=True)
print ("%%%%STATE", request.args["state"])
authorization_url, state = flow.authorization_url(
access_type='offline',
include_granted_scopes='true')
flask.session['state'] = request.args["state"]
print ("IN AUTH STATE ", state)
return flask.redirect(authorization_url)
def get_user_id():
min_char = 8
max_char = 12
allchar = string.ascii_letters + string.punctuation + string.digits
password = "".join(choice(allchar) for x in range(randint(min_char, max_char)))
return password
@app.route('/oauth2callback')
def oauth2callback():
print ("### IN CALLBACK ###", request)
state = flask.session['state']
user_id = get_user_id()
client_id = ''.join(random.sample("Google", len("Google")))
key = ''.join(random.sample("JayPatel", len("JayPatel")))
bytes_obj = {
'user_id': user_id,
'client_id': client_id
}
access_token = AESCipher("Jay").encrypt(json.dumps(bytes_obj))
access_token = access_token.replace('+', 'p')
access_token = access_token.replace('&', '1')
# My generated access_token looks like
# 6u2PeFcUtNmAblw5N3YAKSn7EC46xQVmgv3Rc8XK9sTW4xcgAxw1doRsvmgE/CC2qGUJ1x7XpNpdYvGes6qJHIEQSwvgEJt8hnYEUbm0qEA=
print ("###### Access Token ", access_token)
print ("###### State ", state)
url = "https://oauth-redirect.googleusercontent.com/r/test-happierbot-4c514#access_token=" + access_token + "&token_type=bearer&state=" + state
return redirect(url)
if __name__ == '__main__':
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
app.run('localhost', 8080, debug=True)
当我尝试通过 https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=my_generated_token API 使用 access_token 获取信息 时,它给出了
{
"error": "invalid_token",
"error_description": "Invalid Value"
}
Is there any other process to activate the access_token or am I
missing any step?
如果我正确地遵循了代码,您将生成您自己的 return 用户访问令牌,然后使用 google 的 "tokeninfo" 端点来查看令牌是否有效?
Google 不知道您的令牌是什么或意味着什么,因此 return 认为它是无效的。智能助理使用您的服务获取令牌,并在从用户发送消息时 return 使用它。否则,它只是将其视为不记名令牌。
您的服务 将根据您想要的任何方式确定其有效性(在 table 中查找它,反向解密和验证它的过程,检查有效签名等)。由于 Google 对令牌一无所知,因此无法确定它是否实际有效。
tokeninfo 服务return关于令牌的信息Google已生成。
Google 不允许您将其令牌端点用于 OAuth 帐户链接。相反,您可以使用 Google Sign In for Assistant and this will give you an id token. You can use this along with regular Google Sign In through a website to get an access token and refresh token that you can use to gain access to a user's Google resources with their permission. (See 了解更多详细信息。)
我一直在尝试使用隐式流程为我的 Dialogflow 帐户链接实施 Google OAuth 服务(使用此 documentation)
我已经根据该文档开发了代码。当用户链接他的帐户并显示 "you've successfully, linked your account with chatbot" 时,它工作正常。
但是当我尝试使用我在该文档的步骤 3 中生成的访问令牌时,它说访问令牌无效。看起来它没有注册 Google 服务!
这是我用来实现它的代码
import os
import flask
from flask import request, redirect
import string
import random
from random import choice, randint
import google_auth_oauthlib.flow
from AES import AESCipher
import json
CLIENT_SECRETS_FILE = "client_secret.json"
SCOPES = ['https://www.googleapis.com/auth/userinfo.profile', 'https://www.googleapis.com/auth/userinfo.email']
app = flask.Flask(__name__)
app.secret_key = 'SECRET_KEY'
#
# Actions on google call this function with client_id, redirect_uri, state, and response_type
#
@app.route('/auth')
def authorize():
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
CLIENT_SECRETS_FILE, scopes=SCOPES)
flow.redirect_uri = flask.url_for('oauth2callback', _external=True)
print ("%%%%STATE", request.args["state"])
authorization_url, state = flow.authorization_url(
access_type='offline',
include_granted_scopes='true')
flask.session['state'] = request.args["state"]
print ("IN AUTH STATE ", state)
return flask.redirect(authorization_url)
def get_user_id():
min_char = 8
max_char = 12
allchar = string.ascii_letters + string.punctuation + string.digits
password = "".join(choice(allchar) for x in range(randint(min_char, max_char)))
return password
@app.route('/oauth2callback')
def oauth2callback():
print ("### IN CALLBACK ###", request)
state = flask.session['state']
user_id = get_user_id()
client_id = ''.join(random.sample("Google", len("Google")))
key = ''.join(random.sample("JayPatel", len("JayPatel")))
bytes_obj = {
'user_id': user_id,
'client_id': client_id
}
access_token = AESCipher("Jay").encrypt(json.dumps(bytes_obj))
access_token = access_token.replace('+', 'p')
access_token = access_token.replace('&', '1')
# My generated access_token looks like
# 6u2PeFcUtNmAblw5N3YAKSn7EC46xQVmgv3Rc8XK9sTW4xcgAxw1doRsvmgE/CC2qGUJ1x7XpNpdYvGes6qJHIEQSwvgEJt8hnYEUbm0qEA=
print ("###### Access Token ", access_token)
print ("###### State ", state)
url = "https://oauth-redirect.googleusercontent.com/r/test-happierbot-4c514#access_token=" + access_token + "&token_type=bearer&state=" + state
return redirect(url)
if __name__ == '__main__':
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
app.run('localhost', 8080, debug=True)
当我尝试通过 https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=my_generated_token API 使用 access_token 获取信息 时,它给出了
{
"error": "invalid_token",
"error_description": "Invalid Value"
}
Is there any other process to activate the access_token or am I missing any step?
如果我正确地遵循了代码,您将生成您自己的 return 用户访问令牌,然后使用 google 的 "tokeninfo" 端点来查看令牌是否有效?
Google 不知道您的令牌是什么或意味着什么,因此 return 认为它是无效的。智能助理使用您的服务获取令牌,并在从用户发送消息时 return 使用它。否则,它只是将其视为不记名令牌。
您的服务 将根据您想要的任何方式确定其有效性(在 table 中查找它,反向解密和验证它的过程,检查有效签名等)。由于 Google 对令牌一无所知,因此无法确定它是否实际有效。
tokeninfo 服务return关于令牌的信息Google已生成。
Google 不允许您将其令牌端点用于 OAuth 帐户链接。相反,您可以使用 Google Sign In for Assistant and this will give you an id token. You can use this along with regular Google Sign In through a website to get an access token and refresh token that you can use to gain access to a user's Google resources with their permission. (See