问题描述
我遇到以下错误
google.auth.exceptions.RefreshError:凭据不包含刷新访问令牌所需的必要字段。您必须指定refresh_token,token_uri,client_id和client_secret。
我的项目是使用Angular正面和长颈瓶构建的。
我的Web应用受到范围为Gmail.readonly
的IAP的保护(我需要为用户列出所有标签)。
因此,我需要从IAP oauth2获取access_token并将其传递给背面以进行呼叫Gmail API 角度方面,我尝试使用它来获取我的access_token
初始间隙
async initGoogleAuth(): Promise<void> {
const payload = new Promise((resolve) => {
gapi.load('auth2',resolve);
});
return payload.then(async () => {
await gapi.auth2
.init({
client_id: this.clientId,fetch_basic_profile: true,prompt: 'select_account'
})
.then(auth => {
this.gapiSetup = true;
this.authInstance = auth;
});
}).catch(e => {
console.log('Error initiating Google auth');
console.log(e);
return;
});
}
验证gapi是否为初始化
async authenticate(): Promise<any> {
if (!this.gapiSetup) {
await this.initGoogleAuth();
}
const signInInstance = this.authInstance.signIn();
await signInInstance.then(result => {
const googleUser = this.authInstance.currentUser.get();
this.isSignedIn = googleUser.isSignedIn();
const profile = this.authInstance.currentUser.get().getBasicProfile()
localStorage.setItem('email',profile.getEmail());
localStorage.setItem('userName',profile.getName());
localStorage.setItem('imageUrl',profile.getImageUrl());
localStorage.setItem('token',this.authInstance.currentUser.get().getAuthResponse().id_token);
localStorage.setItem('accessToken',this.authInstance.currentUser.get().getAuthResponse().access_token);
console.log(this.authInstance.currentUser.get().getAuthResponse(true))
}).catch(e => {
console.log(e);
});
}
从我的组件中,通过标头access_toke
sendRequest() {
const headers = {
headers: {
"x-dvtm-access-token": localStorage.getItem('accessToken'),"x-Goog-Authenticated-User-Email": localStorage.getItem('email')
}
};
// add "/check-preserve" for prod
this.httpClient.get(environment.apiUrl + "/check-preserve",headers).subscribe(res => {
if (typeof res === "string") {
this.processResult(JSON.parse(res))
}
console.log(typeof (res));
this.loading = false
},err => {
this.loading = false
console.error(err);
});
}
烧瓶方面,我在这里获得令牌并建立凭据:
access_token = request.headers.get('x-dvtm-access-token')
user = request.headers.get('X-Goog-Authenticated-User-Email').replace("accounts.google.com:","")
if not access_token or not user:
return "Not authorized",401
creds = google.oauth2.credentials.Credentials(access_token)
logging.info(creds.__dict__)
response = check_preserve_label(creds,user=user)
我缺少什么?谢谢
EDIT
因此,我将烧瓶更改为通过(请求模块)发送HTTP请求,并添加标头Authorization:。 但是我有一种感觉,IAP oauth2不提供作用域访问(即使在配置中进行了设置)
“错误”:{“代码”:403,“消息”:“请求不足 身份验证范围。”,“错误”:[{'message':'不足 权限”,“域”:“全局”,“原因”: 'insufficientPermissions'}],'status':'PERMISSION_DENIED'}
因此,对于IAP(域访问),我可能需要双重身份验证;对于范围访问(对我来说,Gmail),我可能需要双重身份验证Issue traker
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)