Problem description
As part of the OpenID Connect (OAuth2 for Login), my application is supposed to request an access token, given a one-time authorization code, via the endpoint https://www.googleapis.com/oauth2/v3/token. According to documentation, this request needs 5 parameters passed to it, client_id among them. That is exactly what my application does, using the Perl module Net::OAuth2.
Everything has been working fine for several months, but today I was notified that it stopped working. No updates were made to the application code nor the libraries used by it.
The message my application now receives from the server when calling the token endpoint is this, in a 400 error response:
OAuth 2 parameters can only have a single value: client_id
A Google search suggests nobody has ever seen this message before, or lived to tell the tale. There doesn't seem to be a general issue with Google's OpenID Connect (other services based on it are working flawlessly), and the imminent shutdown of the old login protocol doesn't seem relevant.
More testing: removing all parameters except client_id causes this error message:
Required parameter is missing: grant_type
Supplying only client_id and grant_type produces the original error message again.
Does anyone have an idea what's going on here?
Recommended answer
Got the same error. It seems the problem is that Net::OAuth2 sets the authorization header when exchanging authorization code for access token. If you remove this header everything works fine. Check the get_access_token method in the Net::OAuth2::Profile::WebServer module. The authorization header includes the client_id:client_secret base64-encoded string. Apparently Google now treats this duplication as an error.
The right way of fixing this is to set the secrets_in_params parameter when creating the Net::OAuth2::Profile::WebServer object. Look in the Net::OAuth2::Profile documentation for more details.
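The duplication described in the answer can be checked on a captured outgoing token request, independent of the client library. The following is an added example, not code from the original post or from Net::OAuth2; it is written in Python, and the function names, client id, secret, code and redirect URI are constructed for illustration. RFC 6749 (sections 2.3 and 3.2) forbids using more than one client authentication method per request and including a parameter more than once.

```python
import base64
from urllib.parse import parse_qs, unquote_plus

def basic_auth(client_id, client_secret):
    """Build the HTTP Basic value a client library would put in Authorization."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def client_ids_in_request(headers, body):
    """Collect every client_id a token request carries, keyed by where it sits."""
    form = parse_qs(body, keep_blank_values=True)
    found = {"header": [], "body": form.get("client_id", [])}
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, blob = auth.partition(" ")
    if scheme.lower() == "basic":
        try:
            user, sep, _ = base64.b64decode(blob, validate=True).decode().partition(":")
        except ValueError:  # malformed base64 or not UTF-8
            sep = ""
        if sep:
            found["header"].append(unquote_plus(user))
    return found

def audit_token_request(headers, body):
    """Return findings for a request that identifies the client more than once."""
    ids = client_ids_in_request(headers, body)
    findings = []
    if len(ids["body"]) > 1:
        findings.append("client_id repeated in form body")
    if ids["header"] and ids["body"]:
        findings.append("client_id in both Authorization header and form body")
    if len(set(ids["header"] + ids["body"])) > 1:
        findings.append("conflicting client_id values")
    return findings

# Constructed sample values, not real credentials.
CID, SECRET = "example-client.apps.example", "example-secret"
FORM = (f"grant_type=authorization_code&code=EXAMPLE_CODE&client_id={CID}"
        f"&client_secret={SECRET}&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback")

BOTH = ({"Authorization": basic_auth(CID, SECRET)}, FORM)  # header plus parameters
BODY_ONLY = ({}, FORM)                                     # parameters only

if __name__ == "__main__":
    for name, (hdrs, body) in {"both": BOTH, "body only": BODY_ONLY}.items():
        print(name, "->", audit_token_request(hdrs, body) or "ok")
```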