When the user completes the OAuth consent flow, the request that reaches my server does not contain the full URL that invoked the callback. Everything after the # is removed.
The full URL seen in the browser at the callback:
https://<domain>/google-drive/callback
#access_token=<token>
&token_type=Bearer&expires_in=3599
&scope=https://www.googleapis.com/auth/drive.file%20https://www.googleapis.com/auth/drive.install
The server receives this API Gateway event:
{
version: '2.0',
routeKey: 'GET /google-drive/callback',
rawPath: '/google-drive/callback',
rawQueryString: '',
headers: {
accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'en-US,en;q=0.5',
'content-length': '0',
host: 'jmvd2hngq3.execute-api.us-east-1.amazonaws.com',
'sec-fetch-dest': 'document',
'sec-fetch-mode': 'navigate',
'sec-fetch-site': 'none',
'sec-fetch-user': '?1',
'upgrade-insecure-requests': '1',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0',
'x-amzn-trace-id': 'Root=1-6609a719-148a9dd90fa586d725643c88',
'x-forwarded-for': '68.23.54.13',
'x-forwarded-port': '443',
'x-forwarded-proto': 'https'
},
queryStringParameters: {},
requestContext: {
accountId: '87438545',
apiId: 'kjndf98n49v',
domainName: 'kjndf98n49v.execute-api.us-east-1.amazonaws.com',
domainPrefix: 'kjndf98n49v',
http: {
method: 'GET',
path: '/google-drive/callback',
protocol: 'HTTP/1.1',
sourceIp: '65.30.11.25',
userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0'
},
requestId: 'lkljSDLVK=',
routeKey: 'GET /google-drive/callback',
stage: '$default',
time: '31/Mar/2024:18:10:33 +0000',
timeEpoch: 1711908633334
},
isBase64Encoded: false
}
The OAuth start URL:
https://accounts.google.com/o/oauth2/v2/auth
?client_id=<client-id>
&redirect_uri=https://kjndf98n49v.execute-api.us-east-1.amazonaws.com/google-drive/callback
&response_type=access_token
&scope=https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/drive.install
The callback URL you receive contains a # fragment. Fragments are not sent to the server.
The reason Google puts the result in the fragment is that the OAuth start URL's response_type is set to access_token. If you change that value to code, Google will format the callback to use queryString parameters, and the ApiGatewayProxyEvent will contain the access token.
response_type=code is intended for server integrations, while response_type=access_token is intended for web applications.
The OAuth specification also documents the values you can set in an OAuth authorization flow request.