Google Javascript API 401与Fusion表的凭据无效

401无效回复：从谷歌搜索的回复来看，这似乎是一个相当普遍的问题，但不幸的是，这些都没有帮助我完全解决我的问题

我有一个网页，需要基于谷歌的登录，然后从融合表中选择数据。在登录过程中，我检查用户是否具有对fusion表的适当访问权限，这样我就知道登录已成功，并且他们是允许编辑该表（共享给特定人员）的有效用户。我还检查收到的令牌是否有效。因此，对于每个成功登录，我知道他们有访问表的权限（已与他们共享）和有效令牌（他们已登录）

由于这是一个JavaScript应用程序，因此没有刷新令牌，只有访问令牌（在线访问）。提示中确实显示了离线访问，但我认为这只是谷歌的默认设置。我没有设置APIKey，它解决了另一个401错误，这是一些用户（不幸的是，不是相同的用户）从中产生的。该请求在GoogleOAuth开发者控制台中运行良好

大多数用户可以很好地访问它，但是对于一些用户，当他们运行查询从融合表中选择数据时，在发送get请求时，他们总是会收到401错误（在控制台中显示为401（未筛选），在返回的错误中显示为401：无效凭据）。然而，我无法在我的机器上重现这个问题，我被困在为什么会发生这个问题以及我下一步能做什么的问题中

这是非常困难的远程用户的机器，我不能安装软件，如Fiddler来查看标题，因此控制台日志

我附加了一个用户控制台的映像，其中包含一个失败的请求。GET请求在我的机器上看起来完全相同（在我的机器上工作正常）。您可以看到令牌是有效的，它们已登录等

以下是相关代码的精简版本（删除了敏感信息），其中包含额外的调试代码，如checkAuth、validateToken和handleAuthResult2：

var clientId = 'my_client_id.apps.googleusercontent.com';
var ftTableID = 'fusiontableidstring';
var scopes = 'https://www.googleapis.com/auth/fusiontables https://www.googleapis.com/auth/drive.metadata.readonly  https://www.googleapis.com/auth/userinfo.email';
var accessToken;  
var email;
var name;  
var params = {
    'clientid': clientId,
    'cookiepolicy': 'single_host_origin',
    'scope': scopes,
    'approvalprompt': 'force',
    'include_granted_scopes': true,
    'callback': handleAuthResult
    };
gapi.auth.signIn(params);

//debug code
function validateToken() {
    $.ajax({
        url: 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=' + accessToken,
        data: null,
        success: function(response){
            console.log(response)
            if (response.audience == clientId) {
                console.log('Our token is valid....');
            } else {
                console.log(response.audience + ' not equal to ' + clientId);
            }
        },  
        error: function(error) {
            console.log(error)
            console.log('Our token is not valid....');
        },
        dataType: "jsonp" 
    });
}

function checkAuth() {
    console.log("checking authorization");
    gapi.auth.authorize(
        {'client_id': clientId, 'scope': scopes, 'immediate': true},
        handleAuthResult2);
}

function handleAuthResult2(authResult) {
    if (authResult) { //result
        console.log(authResult.status);
        console.log(authResult);

        if (authResult.error) {
            reset();
            gapi.auth.authorize(
                {'client_id': clientId, 'scope': scopes, 'immediate': false},
                handleAuthResult);
        } else {
        }
    }
}
//end debug code

// Handle the results of the OAuth 2.0 flow.
function handleAuthResult(authResult) {
    if (authResult) { //result
        if (authResult.error) {
            console.log(authResult.error);
            reset();
        } else {
            //successfully signed in, requests can be sent (will automatically contain access token)
            accessToken = authResult.access_token;
            validateToken(); //debug only
            //check who the user is
            gapi.client.load('plus','v1').then(function() {
                gapi.client.plus.people.get({
                    'userId': 'me'
                }).then(function(res) {
                    var profile = res.result;
                    email = profile.emails[0].value;
                    name = profile.displayName;
                    document.getElementById("signinconfirmation").innerHTML = "You are signed in as " + email + "(" + name + ")" ;
                 //check permissions
                    }).then(function() {
                        gapi.client.load('drive', 'v2').then(function() {
                            gapi.client.drive.permissions.getIdForEmail({
                                'email': email,
                            }).then(function(resp) {
                                var userid = resp.result.id;
                                gapi.client.drive.permissions.get({
                                    'fileId': ftTableID,
                                    'permissionId': userid
                                }).then(function(resp2) {
                                    if(resp2.status == 200) {
                                    document.getElementById("signinconfirmation").innerHTML = "You are signed in as " + email + "(" + name + ") with correct permissions." ;
                                    } else {
                                    document.getElementById("signinconfirmation").innerHTML = name + " at " + email + " does not have the appropriate permissions to edit this table.";
                                    } 
                                },
                                 function(reason) { //drive permissions failed
                                document.getElementById("signinconfirmation").innerHTML = name + " at " + email + " does not have the appropriate permissions to edit this table.";
                                });
                        });
                    });
                });
            });
        }
    }
}

// build the request to SELECT data from Fusion Table.
function selectData() {
        var sqlValue = document.getElementById("searchvalue").value;
        var matchCondition = "CONTAINS";
        if (sqlValue.length == 0) {
            alert('No value entered!')
        } else {
            //escape single quotes in sqlValue
            sqlValue = sqlValue.replace(/'/g, "\\'");
            var sql = "SELECT ROWID, COUNTRY FROM " + ftTableID + " WHERE COUNTRY " + matchCondition + " '" + sqlValue + "' ORDER BY ADMINNAME";  
            query(sql, 'select-data-output');
        };
}
// Send SQL query to Fusion Tables.
function query(query, element) {
    var lowerCaseQuery = query.toLowerCase();
    var path = '/fusiontables/v2/query';
    var callback = function(element) {
        //handle response depending on output element
        return function(resp) {
            if (resp.rows) {
                createTable(resp, element);
            } else {
                //no rows returned
                if (resp.error) {
                    var tableID = element;
                    clearTable(tableID);
                    var tableDiv = document.getElementById(tableParentDiv);
                    var tableElement = document.createElement('table');
                    tableElement.id = tableID;

                    if (resp.error.code) {
                        var errorText = "Error code: " + resp.error.code;
                        errorText += '\n' + resp.error.message;
                        tableElement.innerHTML = errorText;
                    } else {
                        tableElement.innerHTML = "An unknown error occurred " + resp.error;
                    }
                    tableDiv.appendChild(tableElement);
                    if (resp.error.code == 401) {
                        checkAuth(); //debug only
                    }

                } else {
                    alert("No results for that search. Check spelling and select from options.");
                     clearTable(element);
                } 
            }
        };
    }
    if (lowerCaseQuery.indexOf('select') != 0 &&
        lowerCaseQuery.indexOf('show') != 0 &&
        lowerCaseQuery.indexOf('describe') != 0) {
        // is update query
        var body = 'sql=' + encodeURIComponent(query);
        runClientRequest({
            path: path,
            body: body,
            headers: {
              'Content-Type': 'application/x-www-form-urlencoded',
              'Content-Length': body.length
            },
            method: 'POST'
        }, callback(element));
    } else {
        runClientRequest({
            path: path,
            params: { 'sql': query }
        }, callback(element));
    }
}

// Execute the client request.
function runClientRequest(request, callback) {
    var restRequest = gapi.client.request(request);
    console.log("the restRequest is: " + JSON.stringify(restRequest));
    restRequest.execute(callback);
}

---

对于后代：问题不是OAuth进程，而是用户没有设置正确的GoogleApps域权限。当组织为用户子域打开fusion table服务时，错误消失。

发现问题，它与OAuth进程无关，并且组织阻止访问的google apps域权限存在问题。