Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
727 views
in Technique[技术] by (71.8m points)

getting Google oauth authorization token from Android- return with invalid_scope/ Unknown error

I try to use Google oauth to authenticate users on my android app. Then I would like to send it to my app server so it can connect at any time with Google calendar.

I tried to use GoogleAuthUtil.getToken(getApplicationContext(), mAccountName, mScope);

Following this article: https://developers.google.com/accounts/docs/CrossClientAuth

When I use it with scope mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"; I get a token, which is valid for an hour

But when I try to get an authorization code (so I can get a refresh token that is valid for longer time, using mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";

I receive either "invalid_scope" or "Unknown" exceptions.

What am I doing wrong?

EDIT: OK, After creating a new app on google API console and adding plus.login to the scope I get a code, but for some reason my server can't resolve this token. When tying to resolve server gets an error about the redirection URL. BTW, When I do the web flow with same parameters it works.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

OK, found the solution, I expected Google to have a lot better documentation about working with Google Oauth and Android. A few things you have to know to work with Android and offline token

  1. When you create google Client ID Don't create a service application before you create a web application

  2. Must include https://www.googleapis.com/auth/plus.login in your scope

  3. The weirdest, to resolve the one time authorization code on my server, I had to use the redirection URL from the Android client ID details (which doesn't even look like a url) and not from the Web client details on Google API console.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...