Can I use grant_type=client_credentials for Google?

Posted 2020-04-21 07:39

Question:

I created a client ID and client credentials in the Google console. When I request the token with grant_type=client_credentials, I got 401 Unauthorized.

{
  "error": "invalid_client",
  "error_description": "Unauthorized",
  "error_uri": ""
}

Answer 1:

The error means that you are not authenticated. Also, client_credentials is not a valid value for grant_type that I am aware of.

The only ones I know of are

  • authorization_code
  • refresh_token

It looks like grant_type=client_credentials is part of the RFC for OAuth2, but it's not something I have seen implemented in Google's authentication servers.

Answer: No, to my knowledge you can't use grant_type=client_credentials with Google APIs.

Update: Just got word back from Google. I was correct; they do not support this grant_type.



Answer 2:

The Grant Type: Client Credentials (client_credentials) is not supported by Google OAuth 2.0. Google only supports two types of OAuth grants:

  • authorization_code
  • refresh_token

The Grant Type Client Credentials is used for obtaining an Access Token for the account specified by Client ID and is not used for User Authentication. This type of access is not supported by Google.

The OP was also using Basic Authorization: base64(Client_ID:Client_Secret) and this form is not supported by Google.

There are a few OAuth servers that support these additional forms such as IBM's App ID. Google OAuth 2.0 is not one of them.
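
An added example, not part of the original question or answers: the request shape the question describes next to a token request for one of the two grant types the answers list, with the client credentials sent as form fields instead of a Basic header. The token URL is an assumption (Google's public token endpoint), the helper names are hypothetical, and the requests are only built, never sent.

```python
import base64
from urllib.parse import urlencode, parse_qs
from urllib.request import Request

# Assumption: Google's public OAuth 2.0 token endpoint (not stated on the page).
TOKEN_URL = "https://oauth2.googleapis.com/token"
# The two grant types the answers list as supported.
SUPPORTED_GRANTS = {"authorization_code", "refresh_token"}


def failing_request(client_id, client_secret):
    """The request shape from the question: client_credentials + Basic auth."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return Request(
        TOKEN_URL,
        data=urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": f"Basic {basic}"},
        method="POST",
    )


def token_request(grant_type, client_id, client_secret, **params):
    """Build (not send) a token request for a supported grant.

    Client credentials travel as form fields in the body, not in a
    Basic Authorization header.
    """
    if grant_type not in SUPPORTED_GRANTS:
        raise ValueError(f"grant_type {grant_type!r} is not supported")
    required = {"authorization_code": ("code", "redirect_uri"),
                "refresh_token": ("refresh_token",)}[grant_type]
    missing = [name for name in required if not params.get(name)]
    if missing:
        raise ValueError(f"missing parameters: {', '.join(missing)}")
    form = {"grant_type": grant_type, "client_id": client_id,
            "client_secret": client_secret}
    form.update({name: params[name] for name in required})
    return Request(
        TOKEN_URL,
        data=urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def form_fields(request):
    """Decode a request body back into a flat dict for inspection."""
    return {k: v[0] for k, v in parse_qs(request.data.decode()).items()}
```

Rejecting the unsupported grant type locally surfaces the problem as a clear error before any credentials leave the client.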