方框oauth2：无效的grant

本文介绍了方框oauth2：无效的grant_type参数或缺少参数的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我不知道我做错了什么，但是每次我尝试获取令牌时（当然是在用户身份验证之后），结果始终是无效的grant_type参数或缺少参数

I don't know what I do wrong, but everytime I tried to obtain the token (after user authentication of course), the result is always Invalid grant_type parameter or parameter missing

可能与框相关API在获取访问令牌时始终返回无效的grant_type参数

这是我的提琴手结果：

POST api.box/oauth2/token HTTP/1.1 Host: api.box Content-Length: 157 Expect: 100-continue Connection: Keep-Alive grant_type=authorization_code&code=nnqtYcoik7cjtHQYyn3Af8uk4LG3rYYh&client_id=[myclientId]&client_secret=[mysecret]

结果：

HTTP/1.1 400 Bad Request Server: nginx Date: Thu, 07 Mar 2013 11:18:36 GMT Content-Type: application/json Connection: keep-alive Set-Cookie: box_visitor_id=5138778bf12a01.27393131; expires=Fri, 07-Mar-2014 11:18:35 GMT; path=/; domain=.box Set-Cookie: country_code=US; expires=Mon, 06-May-2013 11:18:36 GMT; path=/ Cache-Control: no-store Content-Length: 99 {"error":"invalid_request","error_description":"Invalid grant_type parameter or parameter missing"}

即使在curl示例之后也给出了相同的错误。任何帮助将不胜感激。

Even following the curl example gives the same error. Any help would be appreciated.

编辑：尝试使用其他redirect_uri参数，但仍存在相同错误

tried with additional redirect_uri params but still the same error

POST api.box/oauth2/token HTTP/1.1 Content-Type: application/json; charset=UTF-8 Host: api.box Content-Length: 187 Expect: 100-continue Connection: Keep-Alive grant_type=authorization_code&code=R3JxS7UPm8Gjc0y7YLj9qxifdzBYzLOZ&client_id=*****&client_secret=*****&redirect_uri=localhost

结果：

HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 09 Mar 2013 00:46:38 GMT Content-Type: application/json Connection: keep-alive Set-Cookie: box_visitor_id=513a866ec5cfe0.48604831; expires=Sun, 09-Mar-2014 00:46:38 GMT; path=/; domain=.box Set-Cookie: country_code=US; expires=Wed, 08-May-2013 00:46:38 GMT; path=/ Cache-Control: no-store Content-Length: 99 {"error":"invalid_request","error_description":"Invalid grant_type parameter or parameter missing"}

推荐答案

像Box要求正确的 Content-Type：application / x-www-form-urlencoded 请求标头，以及对参数进行正确的URL编码。似乎同样适用于刷新和撤消请求。

Looks like Box requires a correct Content-Type: application/x-www-form-urlencoded request header in addition to properly URL encoding the parameters. The same seems to apply to refresh and revoke requests.

此外，根据 RFC 6749 ， redirect_uri 仅

必需，如果如第4.1.1节所述，授权请求中包含 redirect_uri参数，则其值必须相同。

REQUIRED, if the "redirect_uri" parameter was included in the authorization request as described in Section 4.1.1, and their values MUST be identical.