javascript - 使用 Google API 进行身份验证后无法获取访问和刷新 token

Question

我关注了this awesome tutorial在用户使用他们的谷歌帐户登录后获取访问和刷新 token ，但我在调用 GetAccessCode() 时总是这样响应:

{
   "error": "invalid_request"
}

这是我的代码:

var url = window.location.href;

if (url.indexOf("code=") > 0) { //Once the user signed in with Google
    var code_starts = url.indexOf("code=");
    var code = url.substring((code_starts + 5), url.length);
    alert("Code= " + code);
    GetAccessTokens(code);
} else if (url.indexOf("access_token=") > 0) { //Get the tokens, but I never get this far
    var at_starts = url.indexOf("access_token=");
    var exp_starts = url.indexOf("expires_in=");
    var access_token = url.substring((at_starts + 13), exp_starts);
    alert("AT= " + access_token);

    var rt_starts = url.indexOf("refresh_token=");
    var id_starts = url.indexOf("id_token=");
    var refresh_token = url.substring((rt_starts + 14), id_starts);
    alert("RT= " + refresh_token);
} else {
    GetAccessCode(); //If user opens the page, show him the consent screen
}

function GetAccessCode() {
   window.location = 'https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=https://mywebsite.com/quickstart.html' + '&response_type=code' + '&client_id=' + clientId + '&scope=' + scopes + '&approval_prompt=force' + '&access_type=offline';
}

function GetAccessTokens(code) {
    window.location = 'https://accounts.google.com/o/oauth2/token?code=' + code + '&client_id=' + clientId + '&client_secret=' + clientSecret + '&redirect_uri=https://mywebsite.com/quickstart.html' + '&grant_type=authorization_code';
}

这里我收到了 invalid_request 错误。

我尝试通过 ajax 请求获取 token ，而不必再次重定向页面(糟糕的用户体验):

    var red = 'https://mywebsite.com/quickstart.html';
    var options = {
       url: 'https://accounts.google.com/o/oauth2/token',
       type: "POST",
       dataType: "json",
       data: "code=code&client_id=clientId&client_secret=clientSecret&redirect_uri=red&grant_type=authorization_code",
        complete: function (e) {
            alert(e);
            alert(e.status);
        },
    };
    $.ajax(options);
}

我也尝试过使用标题:

headers: { "Content-type": "application/x-www-form-urlencoded"},

我也这样试过:

$.ajax({
    url: "https://accounts.google.com/o/oauth2/token",
    type: "post",
    datatype:"json",
    contentType: "application/x-www-form-urlencoded; charset=utf-8",
    async : true,
    data: {code:code, client_id:clientId, client_secret:clientSecret, redirect_uri:'https://mywebsite.com/quickstart.html', grant_type:'authorization_code'},
    success: function(response){
        alert(response); //I never get this
        var json = $.parseJSON(response);
    } 
})
.fail(function(err) {
    alert("error" + err); //I get [Object object]
});

还有一些其他的东西。 哦，所有参数都有正确的值。

有什么想法吗？

附:oauth playground显示正确的 token url 是 https://www.googleapis.com/oauth2/v4/token 但是当我使用它时，我在浏览器中得到 Not found。

Answer 1

3 天后，我做到了。感谢 console.log 提示，@Brunt!

$.ajax({
            url: 'https://www.googleapis.com/oauth2/v4/token',
            type: "post",
            datatype:"json",
            contentType: "application/x-www-form-urlencoded; charset=utf-8",
            async : true,
            data: {code:code, client_id:clientId, client_secret:clientSecret, redirect_uri:'https://mywebsite.com/quickstart.html', grant_type:'authorization_code'},
            success: function(response){
                console.log("Response: " + response);
                console.log("AT: " + response['access_token']);
                console.log("RT: " + response['refresh_token']);

                access_token = response['access_token'];
                refresh_token = response['refresh_token'];
            }
        })
        .fail(function(err) {
            alert("error" + err); //[Object object]
            console.log("error" + err);
        });