I am already using google app for authentication. Now I have added additional URLs to "Authorized redirect URIs" but those URL are not working. Old ones are working properly but when I am using new URL google returns below error instead of google auth token.
{"error":"redirect_uri_mismatch","error_description":"Bad Request"}
Please suggest me solution.
Here is my code to generate login url :
require_once "../vendor/autoload.php";
$gClient = new Google_Client();
$gClient->setClientId("clientID");
$gClient->setClientSecret("clientSECRET");
$gClient->setApplicationName("MY GOOGLE APP");
$gClient->setRedirectUri("https://example.com/TEST/authenticate/pages_authnicate_google.php");
$gClient->addScope("https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/spreadsheets");
$gClient->setAccessType("offline");
$gClient->setPrompt('consent');
$loginURL = $gClient->createAuthUrl();
Double-check that what you sent earlier in the authorization request matches what you send in the request to the token endpoint. You can use either URL that you've configured in the API Console but it must be the same in both requests.
Make sure redirect_uri: 'https://www.example.org/token' is same configured on Google Client API with 'Authorized redirect URIs' block.
In my case, it works...!!!
Related
I have an issue with Socialite authentication via Google. I have two separate apps: Laravel and React Native. For react native app I use #react-native-community/google-signin and after getting a token on the client I'm sending it to the Laravel app, where I pass this token into Socialite function: Socialite::driver('google')->userFromToken($token); . I get this error:
Client error: GET https://www.googleapis.com/oauth2/v3/userinfo?prettyPrint=false resulted in a 401 Unauthorized response:
{
"error": "invalid_request",
"error_description": "Invalid Credentials"
}
I've rechecked credentials 4 times and I'm sure they are right. I use the same client id as in react native app. What am I doing wrong?
Note: I am using ID token to authorise instead of auth token.
From my research on a similar issue - It looks like Google one tap doesn't work in the same way as oAuth does.
So, you'd have to fetch a user from the $token manually, using the google/apiclient package.
There's an example in Google docs (it's in the android-section, but these particular snippets refer to back-end part, so it should still do the trick)
composer require google/apiclient
// Get $id_token via HTTPS POST.
$client = new Google_Client(['client_id' => $CLIENT_ID]); // Specify the CLIENT_ID of the app that accesses the backend
$payload = $client->verifyIdToken($id_token);
if ($payload) {
$userid = $payload['sub'];
// If request specified a G Suite domain:
//$domain = $payload['hd'];
} else {
// Invalid ID token
}
You can find more info on this Google Docs Page
I am having account in sandbox.coinbase and I have used oauth2 where I have add new app.
It'll provide me :
clientid = 'xxxxxxxx'
clientsecreateid = 'xxxxxxxxxxxxxxxx'
authredirecturl = 'xxxxxxx'
But when I am configure it using below code
$configuration = Configuration::oauth($accessToken);
$client = Client::create($configuration);
I need $accessToken, I go through the document file but I can't find anywhere so any one have idea where to find or how to get accessToken..?
As the documentation states:
This library does not handle the handshake process, and assumes you
have an access token when it's initialized. You can handle the
handshake process using an OAuth2 client such as league/oauth2-client.
So you have to use the oauth2 client first, configure it with the coinbase server (using clientId, clientSecret and redirectUrl that you have) and pass the authorization process (much like "Login with facebook"). At the end of the oauth2 authorization coinbase will send you both access token and refresh token. They are generated on-the-fly.
Alternatively as I can see you can use the apiKey/apiSecret mode. This is essentially like having login/password.
I am testing the Gmail API.
So far I have done the following:
I have created the project in the Google Developers Console
I have enabled the Gmail API.
I have created a new Client ID and the client secret.
In my PHP script I have installed the PHP Client library and followed
the instructions for the setup in PHP.
So now when I run the file quickstart.php it gives a link. When I open it, it appears an authorization page where I authorize my application to access the Gmail API.
Then it redirects to the Redirect URIs that I have declared in the setup (adding the code parameter).
In the address bar it appears exactly this:
http://localhost/main/gmail_callback?code=MY_CODE
Where main is my controller and gmail_callback so far is just a blank function.
And it should be correct since these are my settings:
Javascript origins: http://localhost
Redirect URIs: http://localhost/main/gmail_callback
What do I do next?
The next step in the flow is to exchange the Authorization Code for an Access Token (which will also include a Refresh Token if you requested offline access). If you use the https://developers.google.com/oauthplayground/ to execute the flow manually, you'll be able to see the URLs involved. There is a php library call to do the same thing, but I personally prefer to send my own HTTP rather than use a library. Even if you do use a library, it will still be worth spending a little time to understand the HTTP flow so you can more easily debug any problems you encounter.
Basically I was approaching wrongly. Following these instructions is enough to get the tokens:
https://developers.google.com/gmail/api/quickstart/php
The main point is to access the file from the command line and not from the app.
I made a Oauth Gmail some months ago, I got something like this :
In my callback function :
if (! isset($_GET['code'])) {
$auth_url = $client->createAuthUrl();
return $this->redirect($auth_url);
} else {
$client->authenticate($_GET['code']);
$_SESSION['access_token'] = $client->getAccessToken();
$redirect_uri = Router::url('/', true).'Users/gmail';
return $this->redirect($redirect_uri);
}
And in my gmail() function :
public function gmail(){
require APPLIBS.'Google/src/Google'.DS.'autoload.php';
$client = new Google_Client();
$client->setAuthConfigFile('../Config/client_secrets.json');
$client->addScope(Google_Service_Oauth2::PLUS_LOGIN);
$client->addScope(Google_Service_Oauth2::USERINFO_EMAIL);
if (isset($_SESSION['access_token']) && $_SESSION['access_token']) {
$client->setAccessToken($_SESSION['access_token']);
$oauth_service = new Google_Service_Oauth2($client);
$data['Profile']['last_name'] = $oauth_service->userinfo->get()->familyName;
}
}
$data['Profile']['last_name'] contain the last_name of the user, for example.
I simply don't really understand how this whole OAuth authentification thing works and I'm pretty much stuck. I'm trying to let a user authentificate his/her YouTube account to my server using the Google PHP Client API.
Here's my current code:
<?php
require_once app_path().'/google-apis/Google_Client.php';
require_once app_path().'/google-apis/contrib/Google_YouTubeService.php';
class SignupController extends BaseController {
public function showSignupForm() {
$client = new Google_Client();
$client->setClientId('CLIENTID');
$client->setClientSecret('CLIENTSECRET');
$client->setAccessType('offline');
$client->setDeveloperKey('DEVKEY');
$youtube = new Google_YoutubeService($client);
$client->authenticate(Input::get('code'));
$token = json_decode($client->getAccessToken());
return View::make('signup')->with('google_token', $token->access_token);
}
public function getYTAccess() {
$client = new Google_Client();
$client->setClientId('CLIENTID');
$client->setClientSecret('CLIENTSECRET');
$client->setAccessType('offline');
$client->setDeveloperKey('DEVKEY');
$client->setRedirectUri('REDIRECT_URI');
$youtube = new Google_YoutubeService($client);
$authUrl = $client->createAuthUrl();
return View::make('connect_youtube')->with('authUrl', $authUrl);;
}
}
?>
This is the code for the SignupController in the Laravel-based application I'm building. The relevant routes are as follows:
Route::get('signup/connect_youtube/return', 'SignupController#showSignupForm');
Route::get('signup', 'SignupController#getYTAccess');
I only get an invalid request error after getting redirected to my application and I know it has something to do with the access token, just don't know what.
Any help would be appreciated.
Thanks
Tobias Timpe
(Secrets omitted, obviously)
To put it simply, there are 2 steps (at least) you have to do:
1. pass the correct parameters to google. The parameters tell you 1. who you are (you need to present your client id and client secret), 2. what you ask for (in your case youtube scope) 3. redirect_uri which is where your user will be redirected back after she accepts your app's request. 4. other options like access_type=offline which specifies that you have a backend server to continue the auth flow.
To check that this step works correctly, you don't always need run the code. Just print out your auth_url that the sdk makes for you. All those parameters i mentioned should be embedded there. Copy-paste the url in the browser, if the parameters are correct, it will take you to Google's consent page. If not, most likely is because the parameters you set in Google Apis setting page are mismatched with your parameters scripted in the auth_url. Examples are mismatched domains, redirect_uris, client_ids, client_secrets. I'm not sure if this is the error that you are receiving.
If your parameters are good, Google will let your user to login and allow youtube scope access for your app ('consent'). It will redirect user's browser back to your specified 'redirect_uri' with the parameter code=. So this will get you to the step 2 your server script has to process.
The value shooted from Google in the parameter ?code is what you need to get access token. So your server route (redirect_uri) needs to extract the code parameter and pass to the google api to exchange for 'credentials'. Note that the auth code can be used only once. The response credentials will contain access_token and refresh_token. These are important for the api calling so you need to persist them in a storage, possibly with google sdk you are using.
Hope that helps.
I'm testing the Google Analytics API (with oauth 2.0) on my local machine and I want to know if it's possible to get it to work this way as they request me to insert a Redirect URI in the Google APIs Console and then enter it in my code but I do not know what this Redirect URI should be?
My current Redirect URI is https://localhost/oauth2callback and I tried https://gapi.local/oauth2callback but neither works for me.
I get this error message:
Fatal error: Call to undefined method apiClient::setClientRedirectUri() in C:\xampp\htdocs\webs\gapi\HelloAnalyticsApi.php on line 15
Any help would be appreciated.
The google-api-php-client library has no method setClientRedirectUri() in apiClient. The correct method is called setRedirectUri():
$client = new apiClient();
$client->setApplicationName('Hello Analytics API Sample');
// Visit //code.google.com/apis/console?api=analytics to generate your
// client id, client secret, and to register your redirect uri.
$client->setClientId('insert_your_oauth2_client_id');
$client->setClientSecret('insert_your_oauth2_client_secret');
$client->setRedirectUri('insert_your_oauth2_redirect_uri');
$client->setDeveloperKey('insert_your_developer_key');
$client->setScopes(array('https://www.googleapis.com/auth/analytics.readonly'));