Google 和 Oauthlib - 范围已更改

Question

我正在使用 OAuthlib 来执行 Google 的 OAuth 流程。它工作了 4 到 5 个月。突然我开始出现以下错误：

File "/home/whitesnow-2/Gaurav/Axonator/AxVirtualEnv/local/lib/python2.7/site-packages/oauthlib/oauth2/rfc6749/parameters.py", 
line 409, in validate_token_parameters raise w Warning: Scope has changed from 
"https://www.googleapis.com/auth/calendar 
https://www.googleapis.com/auth/docs 
https://www.googleapis.com/auth/spreadsheets 
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/userinfo.email 
https://www.googleapis.com/auth/userinfo.profile" to 
"https://www.googleapis.com/auth/calendar 
https://www.googleapis.com/auth/docs 
https://www.googleapis.com/auth/spreadsheets 
https://www.googleapis.com/auth/drive.file 
https://www.googleapis.com/auth/userinfo.email 
https://www.googleapis.com/auth/userinfo.profile".

以下是生成 OAuth 授权 URL 的代码：

flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
    settings.GOOGLE_OAUTH2_CLIENT_SECRETS_JSON,
    scopes=['https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/docs https://www.googleapis.com/auth/spreadsheets https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile'],
    redirect_uri=REDIRECT_URI
)
authorization_url, state = flow.authorization_url(
    access_type='offline',
    include_granted_scopes='true',
    prompt='consent'
)

以下是 Google OAuth 回调的代码：

auth_code = request.GET.get("code")
objectid = request.GET.get("state")
error = request.GET.get("error")
if error == "access_denied":
    return "Access Denied"
else:
    flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
        settings.GOOGLE_OAUTH2_CLIENT_SECRETS_JSON,
        scopes=['https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/docs https://www.googleapis.com/auth/spreadsheets https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile'],
        redirect_uri=REDIRECT_URI
    )
    flow.fetch_token(code=auth_code)

Answer 1

您可以通过设置OAUTHLIB_RELAX_TOKEN_SCOPE 环境变量来禁用此警告；这应该适用于您不控制调用 oauth 库的代码的情况。

这是在 oauthlib 库中实现的地方：

https://github.com/oauthlib/oauthlib/blob/master/oauthlib/oauth2/rfc6749/parameters.py#L401

Answer 2

通过在回调函数中将作用域设置为None，我能够绕过该问题。

flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
        settings.GOOGLE_OAUTH2_CLIENT_SECRETS_JSON,
        scopes=None,
        redirect_uri=REDIRECT_URI
    )
flow.fetch_token(code=auth_code)

Answer 3

即使我也有同样的问题。我已通过删除 flow.authorization_url 中的include_granted_scopes='true', 来解决此问题

Answer 4

之前的所有答案都对我不起作用。我通过添加这一行解决了它：

os.environ['OAUTHLIB_RELAX_TOKEN_SCOPE'] = '1'

Answer 5

我将https://www.googleapis.com/auth/plus.me 范围添加到我创建Flow 对象的位置：

Flow.from_client_config(
    secrets_json_string,
    scopes=[
        (…),
        'https://www.googleapis.com/auth/plus.me',
    ],
    redirect_uri=redirect_url
)

Answer 6

我不知道这是错误，但范围应该是列表范围而不是一个字符串 - 更改此：

flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
            settings.GOOGLE_OAUTH2_CLIENT_SECRETS_JSON,
            scopes=['https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/docs https://www.googleapis.com/auth/spreadsheets https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile'],
            redirect_uri=REDIRECT_URI
        )

到这里：

flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
            settings.GOOGLE_OAUTH2_CLIENT_SECRETS_JSON,
            scopes=[
                'https://www.googleapis.com/auth/calendar', 
                'https://www.googleapis.com/auth/docs', 
                'https://www.googleapis.com/auth/spreadsheets', 
                'https://www.googleapis.com/auth/drive.file', 
                'https://www.googleapis.com/auth/userinfo.email', 
                'https://www.googleapis.com/auth/userinfo.profile'],
            redirect_uri=REDIRECT_URI
        )