谷歌混合协议身份验证问题
我已经成功使用 OAuth1.0+OpenID 混合协议进行 Google 身份验证,然后使用其服务。
但是,我遇到了特定用户帐户的错误。 我当前的流程:
执行发现
使用 OpenID 和 OAuth 参数将用户重定向到提供商(例如:
https://accounts.google.com/o/openid2/auth?https://accounts.google.com/o/openid2/auth?openid.ns=http://specs.openid.net/auth /2.0&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&.....&openid.ns.ext2=h ttp://specs.openid.net/extensions/oauth/1.0&openid.ext2.consumer=mywebsite.com&openid.ext2.scope=https://picasaweb.google.com/data+https://www -opensocial.googleusercontent.com/api/people/+http://www.google.com/m8/feeds/)一旦用户成功验证并批准权限请求,应用程序就会返回到我指定的callbackurl,并带有类似于上述请求的字符串,我从“openid.ext2.request_token”中提取授权令牌,然后通过传递它来获取访问令牌一旦
但是,对于特定的用户帐户,Google 不会在成功验证并授予权限后传递上述结果,而是重定向到某个 URL https://accounts.google.com/o/openid2/approval?xsrfsign=AC9jObYAAAAATpF6x6S6Ac7MfHaZ< /code> 然后返回我的应用程序,查询字符串中不带任何参数。
相同的代码适用于其他帐户。我无法确定一个帐户有什么特殊之处(除了我上个月刚刚创建的帐户)。请注意,只有当我将 picasa 纳入范围时才会发生这种情况。如果我排除 picasa,它就会起作用。
请帮忙解决这个问题。
I've been successfully using OAuth1.0+OpenID Hybrid protocol for authentication with Google and thereafter using its services.
However, I am facing an error for a specific user account.
My current flow:
Perform Discovery
redirect user to provider with OpenID and OAuth parameters (like :
https://accounts.google.com/o/openid2/auth?https://accounts.google.com/o/openid2/auth?openid.ns=http://specs.openid.net/auth/2.0&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&.....&openid.ns.ext2=http://specs.openid.net/extensions/oauth/1.0&openid.ext2.consumer=mywebsite.com&openid.ext2.scope=https://picasaweb.google.com/data+https://www-opensocial.googleusercontent.com/api/people/+http://www.google.com/m8/feeds/)Once, user successfully authenticates and approves permission request, application returns back to my specified callbackurl long with a string similar to aforesaid request from which I extract authorization token from "openid.ext2.request_token" and then obtain access token by passing it.
However for a specific user account, instead of passing result as stated above after successful authentication and grant of permission, google redirects to some URL https://accounts.google.com/o/openid2/approval?xsrfsign=AC9jObYAAAAATpF6x6S6Ac7MfHaZ and then back to my application without any parameter in query string.
Same code works fine for other accounts. I'm not able to identify what special can be for one account (except that I created it just last month). As a note, this happens only when I include picasa in scope. If I exclude picasa, it works.
Please help on this.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
能够通过添加 request_token 请求来解决此问题。奇怪的是,对于大多数帐户来说,它无需提出此请求即可工作。但是,对于创建的新帐户,我必须在请求中明确设置此参数。一旦设置了此参数,我就获得了用户详细信息和请求令牌,而不是将用户重定向到 xsrfsign.. URL。
Was able to fix this issue by adding a request_token request. strangely, it works without having this request for most of the accounts. However for new accounts created I had to explicitly set this parameter in request. Once, this parameter was set, instead of redirecting user to xsrfsign.. URL, I got user details and request token.