Lambda endpoint for Google OAuth callback does not receive access_token

Question  Votes: 0  Answers: 1

My server, which is called when the user completes the OAuth consent flow, does not receive the full URL that the callback was invoked with. Everything after the # is dropped.

Full URL seen in the browser at the callback:

https://<domain>/google-drive/callback
  #access_token=<token>
  &token_type=Bearer&expires_in=3599
  &scope=https://www.googleapis.com/auth/drive.file%20https://www.googleapis.com/auth/drive.install

API Gateway event received by the server:

 {
  version: '2.0',
  routeKey: 'GET /google-drive/callback',
  rawPath: '/google-drive/callback',
  rawQueryString: '',
  headers: {
    accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
    'accept-encoding': 'gzip, deflate, br',
    'accept-language': 'en-US,en;q=0.5',
    'content-length': '0',
    host: 'jmvd2hngq3.execute-api.us-east-1.amazonaws.com',
    'sec-fetch-dest': 'document',
    'sec-fetch-mode': 'navigate',
    'sec-fetch-site': 'none',
    'sec-fetch-user': '?1',
    'upgrade-insecure-requests': '1',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0',
    'x-amzn-trace-id': 'Root=1-6609a719-148a9dd90fa586d725643c88',
    'x-forwarded-for': '68.23.54.13',
    'x-forwarded-port': '443',
    'x-forwarded-proto': 'https'
  },
  queryStringParameters: {},
  requestContext: {
    accountId: '87438545',
    apiId: 'kjndf98n49v',
    domainName: 'kjndf98n49v.execute-api.us-east-1.amazonaws.com',
    domainPrefix: 'kjndf98n49v',
    http: {
      method: 'GET',
      path: '/google-drive/callback',
      protocol: 'HTTP/1.1',
      sourceIp: '65.30.11.25',
      userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0'
    },
    requestId: 'lkljSDLVK=',
    routeKey: 'GET /google-drive/callback',
    stage: '$default',
    time: '31/Mar/2024:18:10:33 +0000',
    timeEpoch: 1711908633334
  },
  isBase64Encoded: false
}

OAuth start URL:

https://accounts.google.com/o/oauth2/v2/auth
  ?client_id=<client-id>
  &redirect_uri=https://kjndf98n49v.execute-api.us-east-1.amazonaws.com/google-drive/callback
  &response_type=access_token
  &scope=https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/drive.install
aws-lambda oauth google-oauth aws-api-gateway
1 Answer

0 votes

The received callback URL contains a # fragment. Fragments are not sent to the server.

Google includes the fragment in the URL because the OAuth start URL has response_type set to access_token.

If you change that value to code, Google will format the callback to use query string parameters, and the ApiGatewayProxyEvent will contain the access token.

response_type=code is intended for server integrations, while response_type=access_token is intended for web applications.

The OAuth spec also documents the values you can set in an OAuth authorization flow request.
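An added example of the code flow the answer recommends, not code from the question or the answer: an API Gateway v2 Lambda handler that reads code and state from the query string (which, unlike a # fragment, does reach Lambda) and builds the exchange against Google's token endpoint. The names sendRequest, the environment variables and the sample event values are hypothetical, and the state check assumes the server stored the expected value when it built the start URL.

```javascript
const TOKEN_ENDPOINT = 'https://oauth2.googleapis.com/token'; // Google's token endpoint

// Constructed sample event: same shape as the one in the question, but with the
// query string that response_type=code produces (the code value is made up).
const SAMPLE_EVENT = {
  version: '2.0',
  routeKey: 'GET /google-drive/callback',
  rawPath: '/google-drive/callback',
  rawQueryString: 'code=4%2FEXAMPLE_CODE&state=abc123',
  queryStringParameters: { code: '4/EXAMPLE_CODE', state: 'abc123' },
};

// Read the callback parameters from an API Gateway v2 event. A #fragment never
// reaches Lambda, so only the query string is inspected. `expectedState` is the
// anti-CSRF value the server stored when it built the start URL (assumed to be
// looked up from a session cookie; not shown here).
function parseCallback(event, expectedState) {
  const q = event.queryStringParameters || {};
  if (q.error) return { ok: false, reason: 'provider returned error: ' + q.error };
  if (!q.code) return { ok: false, reason: 'no code in query string' };
  if (!expectedState || q.state !== expectedState) return { ok: false, reason: 'state mismatch' };
  return { ok: true, code: q.code };
}

// Build the code-for-token exchange request. The client secret stays on the
// server side of this call; it is never part of the redirect.
function buildTokenRequest(code, redirectUri, clientId, clientSecret) {
  const body = new URLSearchParams({ grant_type: 'authorization_code', code,
    redirect_uri: redirectUri, client_id: clientId, client_secret: clientSecret });
  return { url: TOKEN_ENDPOINT, method: 'POST',
    headers: { 'content-type': 'application/x-www-form-urlencoded' }, body: body.toString() };
}

// Lambda entry point. `sendRequest` (hypothetical) performs the HTTP POST and
// returns the parsed token JSON; injecting it keeps the handler testable offline.
async function handler(event, expectedState, sendRequest) {
  const parsed = parseCallback(event, expectedState);
  if (!parsed.ok) return { statusCode: 400, body: parsed.reason };
  const req = buildTokenRequest(parsed.code, process.env.REDIRECT_URI,
    process.env.GOOGLE_CLIENT_ID, process.env.GOOGLE_CLIENT_SECRET);
  const tokens = await sendRequest(req); // { access_token, refresh_token, ... }
  // Store `tokens` server-side; do not echo them back to the browser.
  return { statusCode: 200, body: 'Google Drive connected' };
}
```

Note that with response_type=code the callback carries an authorization code, and the access token is only obtained by the server through the exchange above.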
