Google OAuth 2.0 clearing application session variables
I am using OAuth 2.0 to access Google APIs. I redirect the user to the authentication URL as specified in the documentation:
https://accounts.google.com/o/oauth2/auth?
client_id=21302922996.apps.googleusercontent.com&
redirect_uri=urn:ietf:wg:oauth:2.0:oob&
scope=https://www.google.com/m8/feeds/&
response_type=code
On successful authentication, it redirects me back to the redirect_uri with the authentication code, but it also clears my application's session variables. I have tried different variations, but the problem still persists. I am using PHP's $_SESSION for session management and have integrated other APIs too; it works fine with other APIs (e.g. Twitter).
Maybe you are using some kind of CSRF protection and the callback is detecting that it does not have the correct CSRF code? (You can use the opaque state parameter to preserve state between the authorization request call and the callback call: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-20#section-4.1.1)
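The state check suggested in the answer above, as an added example that is not part of the original post: a random `state` is stored in the session before the redirect and compared on the callback, and a mismatch rejects the request without discarding the rest of the session. `CLIENT_ID`, `REDIRECT_URI` and the function names are hypothetical placeholders, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example: bind the OAuth callback to the PHP session via `state`.
// CLIENT_ID and REDIRECT_URI are placeholders (assumptions, not from the page).
const AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/auth';
const CLIENT_ID     = 'YOUR_CLIENT_ID.apps.googleusercontent.com';
const REDIRECT_URI  = 'https://app.example.test/oauth2callback.php';

// Build the authorization URL and remember a fresh random state in the session.
function build_auth_url(array &$session): string
{
    $session['oauth_state'] = bin2hex(random_bytes(16));
    return AUTH_ENDPOINT . '?' . http_build_query([
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => REDIRECT_URI,
        'scope'         => 'https://www.google.com/m8/feeds/',
        'response_type' => 'code',
        'state'         => $session['oauth_state'],
    ]);
}

// Validate the callback. Returns the authorization code, or null on mismatch.
// The stored state is single-use: it is removed whether or not the check passes.
function handle_callback(array &$session, array $query): ?string
{
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']);
    $received = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($received)
        || !hash_equals($expected, $received)) {
        return null; // reject the request, leave other session keys untouched
    }
    return isset($query['code']) && is_string($query['code']) ? $query['code'] : null;
}

// Constructed demonstration: an in-memory array stands in for $_SESSION.
$session = ['user_id' => 42];
$url = build_auth_url($session);
parse_str(parse_url($url, PHP_URL_QUERY), $sent);

// First callback carries the state that was sent; the second replays it.
$first  = handle_callback($session, ['code' => 'sample-code', 'state' => $sent['state']]);
$replay = handle_callback($session, ['code' => 'sample-code', 'state' => $sent['state']]);
var_dump($first, $replay, $session);
```

In a real application, pass `$_SESSION` after `session_start()` on both the page that issues the redirect and the callback page, so both requests read and write the same session.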