令牌端点网址。
这是您托管且 Google 会调用的令牌端点的网址。应通过 HTTPS 接受流量,并且仅接受来自其他已知服务(例如 Google 的服务)的流量。例如 https://oauth2.example.com/token。
授权端点和令牌端点可能托管在不同的网域中。
可选的令牌撤消端点网址。
这是您托管且 Google 会调用撤消端点的网址。应通过 HTTPS 接受流量,并且仅接受来自其他已知服务(例如 Google 的服务)的流量。例如 https://oauth2.example.com/revoke。
您的授权端点、令牌端点和撤消端点可能托管在不同的网域中。
Google 的客户端 ID 和客户端密钥。
您必须为 Google 分配一个客户端 ID(用于在 OAuth 2.0 请求中标识请求的来源)和一个客户端密钥(用于防止请求伪造)。Google 客户端 ID 和客户端密钥可以是您选择的任何网址安全字符串值。您必须确保只有 Google 和您的服务才能看到客户端密钥。
可选的范围字符串。根据您的 API 提供多少用户数据以及提供哪些类型的用户数据,您可能需要定义表示不同类别用户数据的范围。这样一来,相关方可以向您的用户请求仅访问特定类型的数据的权限,并将客户端可用的数据限制为仅限授权范围。具体而言,如果您的服务提供的数据量超过了与 Google 集成所需的量,您可以使用范围仅授予对部分数据的访问权限。
[null,null,["最后更新时间 (UTC):2025-07-29。"],[[["\u003cp\u003eBefore integrating with Google services (excluding Google Assistant), gather necessary information like authorization and token endpoint URLs and contact your developer relations representative.\u003c/p\u003e\n"],["\u003cp\u003eYou need to provide Google with a client ID and secret, which can be any URL-safe string, and ensure the client secret remains confidential.\u003c/p\u003e\n"],["\u003cp\u003eWhen setting up your authorization endpoint, allowlist the provided \u003ccode\u003eredirect_uri\u003c/code\u003e for Google's client ID.\u003c/p\u003e\n"],["\u003cp\u003eOptionally, you can enhance security by implementing a token revocation endpoint, Cross-Account Protection, and defining scopes to limit data access for Google.\u003c/p\u003e\n"],["\u003cp\u003eTo initiate the process, locate your Google API Project ID within the Google API Console.\u003c/p\u003e\n"]]],[],null,["If you plan to integrate with the Google Assistant, see\n[Actions on Google Console](https://console.actions.google.com/).\n\nOtherwise, before you add OAuth 2.0 authorization to your service, prepare the\nfollowing information and contact your developer relations or business\ndevelopment representative:\n\n- **Authorization endpoint URL** .\n This is the URL for the\n [authorization endpoint](https://tools.ietf.org/html/rfc6749#section-3.1)\n which you host and that Google makes calls to. Traffic should be accepted\n over HTTPS only. For example, `https://myservice.example.com/auth`.\n Oftentimes an existing sign-in page can be adapted to serve as the\n authorization endpoint.\n\n The `redirect_uri` sent as a parameter to your authorization endpoint will have the following form: \n\n ```\n https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID\n https://oauth-redirect-sandbox.googleusercontent.com/r/YOUR_PROJECT_ID\n ```\n\n \u003cbr /\u003e\n\n The`redirect_uri` should be allowlisted for the `client_id` you assign to Google.\n- **Token endpoint URL** .\n This is the URL for the\n [token endpoint](https://tools.ietf.org/html/rfc6749#section-3.2)\n which you host and Google makes calls to. Traffic should be accepted over\n HTTPS and only from other known services (such as Google's).\n For example, `https://oauth2.example.com/token`.\n The authorization and token endpoints may be hosted on different domains.\n\n- **Optional token revocation endpoint URL** .\n This is the URL for the\n [revocation endpoint](https://tools.ietf.org/html/rfc7009)\n which you host and Google makes calls to. Traffic should be accepted over\n HTTPS and only from other known services (such as Google's).\n For example, `https://oauth2.example.com/revoke`.\n Your authorization, token and revocation endpoints may be hosted on different\n domains.\n\n- **Optional Cross-Account Protection (RISC) URL**.\n This is a URL you host and Google makes calls to. You may chose the value.\n\n- **Client ID and client secret for Google**.\n You must assign Google a client ID, which is used in OAuth 2.0 requests to\n identify the request's origin, and a client secret, which is used to prevent\n request forgery. The Google client ID and client secret can be any URL-safe\n string values of your choice. You must ensure that the client secret is\n visible to only Google and your service.\n\n- **Optional scope strings**.\n Depending on how much and what kind of user data your API makes available,\n you might want to define scopes that represent different categories of user\n data. By doing so, parties can ask permission from your users to access only\n certain kinds of data, and restrict the data available to clients to only the\n authorized scopes. In particular, if your service makes more data available\n than necessary for integration with Google, you might use scopes to grant\n access to only some of the data.\n\n\u003c!-- --\u003e\n\n- **Your Google API Project ID**\n\n To view your project ID:\n 1. Go to the [Google API Console](https://console.developers.google.com/project).\n 2. Find your project in the table on the landing page. The project ID appears in the **ID** column.\n\n| **Note:** Requests to your OAuth endpoints can come from any number of Google IP Address. We do not recommend maintaining a list of allowed IPs and Google does not publish such a list. This is because the list is dynamic and subject to change at any time. Such a list will become outdated and lead to outages and a poor experience for users. Instead, a reverse lookup to confirm requests originate from Google can be used. See [Verifying Googlebot](https://developers.google.com/search/docs/advanced/crawling/verifying-googlebot?visit_id=637552176006795991-2252054900&rd=1) for details on how to identify Google requests."]]