2014-07-15 47 views
2

我們正在試圖從谷歌獲取OAuth令牌時,「redirect_uri_mismatch」錯誤:谷歌的OAuth:redirect_uri_mismatch

[client 127.0.0.1:49892] {\n "error" : "redirect_uri_mismatch"\n}, referer: `http://localhost/oAuth/chess-login.html` 

有正在使用的兩個文件:國際象棋的login.html和plus.php(代碼如下)。

的谷歌API具有以下URI:

http://localhost/oAuth/chess-login.html 

任何人都可以指向一個解決方案嗎?

plus.php:

<?php 

    $client_id = "XXX.apps.googleusercontent.com"; //your client id 
    $client_secret = "XXX"; //your client secret 
    $redirect_uri = "http://localhost/chess-login.html"; 
    $scope = "https://www.googleapis.com/auth/plus.login"; //google scope to access 
    $state = "profile"; //optional 
    $access_type = "offline"; //optional - allows for retrieval of refresh_token for offline access 

    if(isset($_POST['results'])){ 
     $_SESSION['accessToken'] = get_oauth2_token($_POST['results']); 
    } 

    //returns session token for calls to API using oauth 2.0 
    function get_oauth2_token($code) { 
     global $client_id; 
     global $client_secret; 
     global $redirect_uri; 

     $oauth2token_url = "https://accounts.google.com/o/oauth2/token"; 
     $clienttoken_post = array(
     "code" => $code, 
     "client_id" => $client_id, 
     "client_secret" => $client_secret, 
     "redirect_uri" => $redirect_uri, 
     "grant_type" => "authorization_code" 
     ); 

     $curl = curl_init($oauth2token_url); 


     curl_setopt($curl, CURLOPT_POST, true); 
     curl_setopt($curl, CURLOPT_POSTFIELDS, $clienttoken_post); 
     curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY); 
     curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); 
     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); 

     $json_response = curl_exec($curl); 
     error_log($json_response); 
     curl_close($curl); 
     $authObj = json_decode($json_response); 

     if (isset($authObj->refresh_token)){ 
      //refresh token only granted on first authorization for offline access 
      //save to db for future use (db saving not included in example) 
      global $refreshToken; 
      $refreshToken = $authObj->refresh_token; 
     } 

     $accessToken = $authObj->access_token; 
     return $accessToken; 
    } 
?> 

棋的login.html:

<!DOCTYPE html> 
<html> 

<html itemscope itemtype="http://schema.org/Article"> 
<head> 
    <!-- BEGIN Pre-requisites --> 
    <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script> 
    <script type="text/javascript"> 
    (function() { 
     var po = document.createElement('script'); 
     po.type = 'text/javascript'; 
     po.async = true; 
     po.src = 'https://plus.google.com/js/client:plusone.js?onload=start'; 
     var s = document.getElementsByTagName('script')[0]; 
     s.parentNode.insertBefore(po, s); 
    })(); 
    </script> 
    <!-- END Pre-requisites --> 
</head> 


<body> 

<div id="signinButton"> 
    <span class="g-signin" 
    data-scope="https://www.googleapis.com/auth/plus.login" 
    data-clientid="XXX.apps.googleusercontent.com" 
    data-redirecturi="postmessage" 
    data-accesstype="offline" 
    data-cookiepolicy="single_host_origin" 
    data-callback="signInCallback"> 
    </span> 
</div> 
<div id="result"></div> 

<p id="onSignInText"></p> 

</body> 

<!-- Last part of BODY element in file index.html --> 
<script type="text/javascript"> 
function signInCallback(authResult) { 

    if (authResult['code']) { 

    // Hide the sign-in button now that the user is authorized, for example: 
    $('#signinButton').attr('style', 'display: none'); 
    //document.getElementById("onSignInText").innerHTML = "Sign in successful"; 

    $.post("plus.php", {results: authResult['code']}, 
     function(data){alert(data); }); 


    // Send the code to the server 
    $.ajax({ 
     type: 'POST', 
     url: 'plus.php?storeToken', 
     contentType: 'application/octet-stream; charset=utf-8', 
     success: function(result) { 
     // Handle or verify the server response if necessary. 

     // Prints the list of people that the user has allowed the app to know 
     // to the console. 
     console.log(result); 
     if (result['profile'] && result['people']){ 
      $('#results').html('Hello ' + result['profile']['displayName'] + '. You successfully made a server side call to people.get and people.list'); 
     } else { 
      $('#results').html('Failed to make a server-side call. Check your configuration and console.'); 
     } 
     }, 
     processData: false, 
     data: authResult['code'] 
    }); 



    } else if (authResult['error']) { 
    // There was an error. 
    // Possible error codes: 
    // "access_denied" - User denied access to your app 
    // "immediate_failed" - Could not automatially log in the user 
    // console.log('There was an error: ' + authResult['error']); 
    } 
} 
</script> 


</html> 

回答

6

應設置redirect_uri服務器以匹配您在客戶端有data-redirecturi="postmessage" (您的流量不需要重定向,所以Google API控制檯的值不會被使用......)

. . . 
$clienttoken_post = array(
    "code" => $code, 
    "client_id" => $client_id, 
    "client_secret" => $client_secret, 
    "redirect_uri" => "postmessage", // <== Change here! 
    "grant_type" => "authorization_code" 
); 
. . . 
+0

謝謝。我必須試一試。我最終使用了Hybridauth,它爲我處理了大量的OAuth細節。 – Searle

+0

這結束了我的六個小時的谷歌馬拉松比賽,並且(幾乎)讓我回到了理智狀態。謝謝 – James