How to get google e-mail using OAuth2 in Golang correctly
Question
I've already tried to authenticate using OAuth successfully with golang.com/x/oauth2 library.

    // provider variable is oauth2.Config
    // scope is: https://www.googleapis.com/auth/userinfo.email
    url := provider.AuthCodeURL(``) // redirect URL

after getting redirected back from the client, I send the auth_code successfully

    auth_code := ctx.Request.URL.RawQuery // code=XXXX
    if len(auth_code) > 5 {
        auth_code = auth_code[5:] // XXXX
    }
    tok, err := provider.Exchange(oauth2.NoContext, auth_code)
    if err == nil {
        client := provider.Client(oauth2.NoContext, tok)
        email_url := `https://www.googleapis.com/auth/userinfo.email`
        //Log.Describe(client)
        response, err := client.Get(email_url)
        if err == nil {
            ctx.Render(`login_oauth`, response)
            //handled = true
        }
    }
    //Log.Describe(err)

I found nothing that tells the e-mail part on the response (the Body is empty):
    {
      "Status": "200 OK",
      "StatusCode": 200,
      "Proto": "HTTP/1.1",
      "ProtoMajor": 1,
      "ProtoMinor": 1,
      "Header": {
        "Alternate-Protocol": [
          "443:quic,p=0.5"
        ],
        "Cache-Control": [
          "private, max-age=0"
        ],
        "Content-Type": [
          "text/plain"
        ],
        "Date": [
          "Tue, 14 Apr 2015 05:52:17 GMT"
        ],
        "Expires": [
          "Tue, 14 Apr 2015 05:52:17 GMT"
        ],
        "Server": [
          "GSE"
        ],
        "X-Content-Type-Options": [
          "nosniff"
        ],
        "X-Frame-Options": [
          "SAMEORIGIN"
        ],
        "X-Xss-Protection": [
          "1; mode=block"
        ]
      },
      "Body": {}, // empty!!!
      "ContentLength": -1,
      "TransferEncoding": [
        "chunked"
      ],
      "Close": false,
      "Trailer": null,
      "Request": {
        "Method": "GET",
        "URL": {
          "Scheme": "https",
          "Opaque": "",
          "User": null,
          "Host": "www.googleapis.com",
          "Path": "/auth/userinfo.email",
          "RawQuery": "",
          "Fragment": ""
        },
        "Proto": "HTTP/1.1",
        "ProtoMajor": 1,
        "ProtoMinor": 1,
        "Header": {
          "Authorization": [
            "Bearer ya29.VQFRHDe21t7g2cUhN8sUwjpRRi10XldgLe0RFhMe2ZxgyRo7q90HoKES5WmcucwKqtjZdq_KvYjKiQ"
          ]
        },
        "Body": null,
        "ContentLength": 0,
        "TransferEncoding": null,
        "Close": false,
        "Host": "www.googleapis.com",
        "Form": null,
        "PostForm": null,
        "MultipartForm": null,
        "Trailer": null,
        "RemoteAddr": "",
        "RequestURI": "",
        "TLS": null
      },
      "TLS": {
        // really long output
      }
    }

First question: how do I get the e-mail correctly, without using the Google+ API?

edit #2: I've tried using another scope for oauth2.Config:

    https://www.googleapis.com/auth/plus.profile.emails.read
    https://www.googleapis.com/auth/plus.login
    https://www.googleapis.com/auth/plus.me

and tried to retrieve the e-mail using the newer API:

    https://www.googleapis.com/plus/v1/people/me

but it gives 403 Forbidden.

edit #3: I've tried using another scope:

    openid
    profile
    email

and tried to retrieve the e-mail using this URL:

    https://www.googleapis.com/oauth2/v3/userinfo

but it still gives an empty Body as before.

Second question: can I reuse the oauth2.Config (provider) variable for another user, or should I create a copy for each user?

Answer 1
Score: 4
My bad, I should read the response.Body first, for example:

    response, err = client.Get(`https://accounts.google.com/.well-known/openid-configuration`)
    body, err := ioutil.ReadAll(response.Body)
    response.Body.Close()

According to this document, we should fetch from that URL first, then fetch from the userinfo_endpoint in the result above to retrieve the e-mail, for example:

    // json := json_to_map(body)
    // get json[`userinfo_endpoint`]
    // response, err = client.Get(json[`userinfo_endpoint`])
    // body, err := ioutil.ReadAll(response.Body)
    // response.Body.Close()
    // json = json_to_map(body)
    // json[`email`]

For the second question, the oauth2.Config struct is reusable.
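
The two-step lookup this answer describes (discovery document, then userinfo_endpoint), written out as an added Go example that is not part of the original answer: it checks the HTTP status, bounds the body read, and accepts the address only when email_verified is true. FetchVerifiedEmail and getJSON are hypothetical names, the client passed in is assumed to be the one from provider.Client so it carries the bearer token, and main runs against a constructed local TLS server standing in for Google.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// getJSON GETs url, rejects non-200 replies and decodes at most 1 MiB of the body.
func getJSON(c *http.Client, url string, out interface{}) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("GET %s: %s", url, resp.Status)
	}
	return json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(out)
}

// FetchVerifiedEmail (hypothetical name) reads userinfo_endpoint from the discovery
// document, then queries it with c, assumed to attach the user's bearer token.
func FetchVerifiedEmail(c *http.Client, discoveryURL string) (string, error) {
	var d, u struct {
		Endpoint string `json:"userinfo_endpoint"`
		Email    string `json:"email"`
		Verified bool   `json:"email_verified"`
	}
	if err := getJSON(c, discoveryURL, &d); err != nil {
		return "", err
	}
	if err := getJSON(c, d.Endpoint, &u); err != nil {
		return "", err
	}
	if u.Email == "" || !u.Verified { // an unverified address is not proof of identity
		return "", fmt.Errorf("no verified e-mail in userinfo response")
	}
	return u.Email, nil
}

func main() { // constructed local TLS server standing in for Google; one body serves both URLs
	s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, `{"userinfo_endpoint":"https://%s/u","email":"alice@example.com","email_verified":true}`, r.Host)
	}))
	defer s.Close()
	fmt.Println(FetchVerifiedEmail(s.Client(), s.URL))
}
```

In real use, call it with the client returned by provider.Client and the discovery URL https://accounts.google.com/.well-known/openid-configuration.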