OAuth2.0的尝试使用刷新令牌

Question

使用谷歌的oauth2操场时无效请求：https://developers.google.com/oauthplayground/ 如下：https://developers.google.com/accounts/docs/OAuth2WebServer#offline

任何人都为什么我收到无效的请求？

POST /o/oauth2/token HTTP/1.1 
Host: accounts.google.com 
Content-length: 209 
Content-type: application/x-www-form-urlencoded 
Authorization: OAuth ya29.XXXXXXXX 

client_id=XXXXXXXXX& 
client_secret=XXXXXXXXX& 
refresh_token=1/0ffkj5lggn8XXXXXXXXX& 
grant_type=refresh_token 

HTTP/1.1 400 Bad Request 
Content-length: 33 
X-xss-protection: 1; mode=block 
X-content-type-options: nosniff 
X-google-cache-control: remote-fetch 
-content-encoding: gzip 
Server: GSE 
Reason: Bad Request 
Via: HTTP/1.1 GWA 
Pragma: no-cache 
Cache-control: no-cache, no-store, max-age=0, must-revalidate 
Date: Thu, 11 Oct 2012 21:29:55 GMT 
X-frame-options: SAMEORIGIN 
Content-type: application/json 
Expires: Fri, 01 Jan 1990 00:00:00 GMT 

{ 
    "error" : "invalid_request" 
} 

Answer 1

如果你得到400是因为你添加了一个无效的参数或缺少一个。

编辑：

我相信从给出的数据有一个额外的头授权。这是在使用的oauth2只有当在的access_token头传递，而清爽的access_token没有必要提供相同的标题进行身份验证的调用

Authorization : Bearer XXXXXXXXXXXXXXXX 

。

https://developers.google.com/accounts/docs/OAuth2InstalledApp#refresh