Google client Invalid JWT: Token must be a short-lived token
I am using Google's php api client. I am running through the quickstart guide for service accounts. I followed the steps perfectly (as far as I can tell). I am running into the following error:
{
"error": "invalid_grant",
"error_description": "Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values and use a clock with skew to account for clock differences between systems."
}
From what I have read the most common problem with this error is if the system time is wrong. I have triple checked that my timezone and date and time are synced with the atomic clock. I used php set timezone function to set my timezone to match my computer, but I continue to get the error. I am looking into the other part of the message that mentions the iat and exp settings, and haven't gotten anywhere yet.
Does anyone have any ideas of how I can get past this?
Recommended answer
Invalid_grant error has two common causes:
Your server's clock is not in sync with NTP.
Solution: Check the server time. If it's incorrect, fix it.
The refresh token limit has been exceeded.
Solution: Nothing you can do - they can't have more refresh tokens in use.
Applications can request multiple refresh tokens. For example, this is useful in situations where a user wants to install an application on multiple machines. In this case, two refresh tokens are required, one for each installation. When the number of refresh tokens exceeds the limit, older tokens become invalid. If the application attempts to use an invalidated refresh token, an invalid_grant error response is returned.
The limit for each unique pair of OAuth 2.0 client and is 50 refresh tokens (note that this limit is subject to change). If the application continues to request refresh tokens for the same Client/Account pair, once the 26th token is issued, the 1st refresh token that was previously issued will become invalid. The 27th requested refresh token would invalidate the 2nd previously issued token and so on.
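The `iat`/`exp` check that the error message in the question refers to, as an added example that is not part of the original question or answer and is not Google's code. The function names, the 300-second skew tolerance, the sample service-account address and the sample timestamps are assumptions made for illustration; only the 60-minute lifetime comes from the error text.

```php
<?php
// Added diagnostic, not Google's code: decodes the claims of a JWT assertion
// WITHOUT verifying its signature and checks iat/exp against a reference time.
// $maxSkew is an assumed tolerance; the 3600 s lifetime is from the error text.
function b64url_decode(string $s): string
{
    $s = strtr($s, '-_', '+/');
    $s .= str_repeat('=', (4 - strlen($s) % 4) % 4); // restore stripped padding
    $out = base64_decode($s, true);
    if ($out === false) {
        throw new InvalidArgumentException('segment is not valid base64url');
    }
    return $out;
}

function check_jwt_times(string $jwt, int $now, int $maxLifetime = 3600, int $maxSkew = 300): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('expected header.payload.signature');
    }
    $claims = json_decode(b64url_decode($parts[1]), true);
    if (!is_array($claims) || !isset($claims['iat'], $claims['exp'])
        || !is_int($claims['iat']) || !is_int($claims['exp'])) {
        throw new InvalidArgumentException('payload lacks integer iat/exp');
    }
    $problems = [];
    if ($claims['exp'] <= $claims['iat']) $problems[] = 'exp is not after iat';
    if ($claims['exp'] - $claims['iat'] > $maxLifetime) $problems[] = 'lifetime exceeds 60 minutes';
    if ($claims['iat'] > $now + $maxSkew) $problems[] = 'iat is in the future (signing clock ahead)';
    if ($claims['exp'] < $now - $maxSkew) $problems[] = 'exp is in the past (signing clock behind)';
    return $problems;
}

// Constructed sample token; the signature segment is a dummy and is never checked.
function make_sample(int $iat, int $exp): string
{
    $enc = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
    return $enc('{"alg":"RS256","typ":"JWT"}') . '.'
         . $enc(json_encode(['iss' => 'svc@example.invalid', 'iat' => $iat, 'exp' => $exp]))
         . '.' . $enc('not-a-real-signature');
}

$now = 1700000000; // constructed reference ("true") time in Unix epoch seconds
foreach (['in sync' => 0, 'clock 2 h ahead' => 7200, 'clock 2 h behind' => -7200] as $label => $drift) {
    $jwt = make_sample($now + $drift, $now + $drift + 3600); // signed by a drifted clock
    $problems = check_jwt_times($jwt, $now);
    echo $label, ': ', $problems ? implode('; ', $problems) : 'ok', PHP_EOL;
}
```

`iat` and `exp` are Unix epoch seconds, so `date_default_timezone_set()` does not change them; only the system clock does.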