I am using the following example backend-auth Google
<?php
require_once 'Google/vendor/autoload.php';
$CLIENT_ID = "xxxxxxxxxx";
// Get $id_token via HTTPS POST.
$client = new Google_Client(['client_id' => $CLIENT_ID]); // Specify the CLIENT_ID of the app that accesses the backend
$payload = $client->verifyIdToken($id_token);
if ($payload) {
$userid = $payload['sub'];
// If request specified a G Suite domain:
//$domain = $payload['hd'];
} else {
// Invalid ID token
}
?>
I have already created the credentials, API, and OAUTH2
API_KEY: AIzaAsDfGuYn6nk9761kvnwMxns-PPeO1Ka1YsA
CLIENT_ID: 15123456862-94jrd0d2lis29lbl6dekpk0fp4otgm8r.apps.googleusercontent.com
CLIENT_SECRET: qertf3l3UfgdhjiWEREZI8xN
But it generates the following error:
Notice: Undefined variable: id_token in C:\Adsense\index.php on line 10
Fatal error: Uncaught LogicException: id_token must be passed in or set as part of setAccessToken in C:\Adsense\Google\vendor\google\apiclient\src\Client.php:784 Stack trace: #0 C:\Adsense\index.php(10): Google\Client->verifyIdToken(NULL) #1 {main} thrown in C:\Adsense\Google\vendor\google\apiclient\src\Client.php on line 784
I have searched this forum in the google documentation and in the google console panel but I cannot find a fixed token or how to create it, I cannot find references
https://oauth2.googleapis.com/tokeninfo?id_token=XXXXX
It's a bit of an old post, but for anyone like me and the OP struggling with this, it's actually quite a simple solution.
The example code has a commented out line that reads
// Get $id_token via HTTPS POST.
You actually have to write this code. Using the worked examples from Google, the JavaScript function passes the authentication token as idtoken.
$id_token = $_POST['idtoken'];
Will do the trick. You'll probably want to perform some basic error checking, for example,
if (isset($_POST['idtoken'])){
$id_token = $_POST['idtoken'];
$payload = $client->verifyIdToken($id_token);
...
Related
I'm trying to make an API that return google user profile with using my token id that I've got from Google Developers Playground (OAuth 2.0). I've read and follow the guidelines, but when I trying to use my code, it says id_token must be passed in or set as part of setAccessToken. Here is my code :
$id_token = $this->input->post('id_token');
$id_event = $this->input->post('id_event');
$client = new Google_Client(['client_id' => GOOGLE_CLIENT_ID]);
$payload = $client->verifyIdToken($id_token); //It's error here
At first it's run well but when I try to run it again, the error show up. What should I do?
Here's full error message :
Type: LogicException
Message: id_token must be passed in or set as part of setAccessToken
Filename: D:\XAMPP\htdocs\api\application\vendor\google\google-api-php-client\src\Google\Client.php
Line Number: 702
Backtrace:
File: D:\XAMPP\htdocs\api\application\controllers\C_android_api.php
Line: 190
Function: verifyIdToken
File: D:\XAMPP\htdocs\api\index.php
Line: 315
Function: require_once
See my solution here
The following issue "id_token must be passed in or set as part of setAccessToken" fixed when I provided "email" scope.
i.e., $client->addScope("email");
reference and full example here: https://github.com/google/google-api-php-client/blob/master/examples/idtoken.php
Hope this helps.
I have very simple code directly from Google's website
$client = new Google_Client(['client_id' => $CLIENT_ID]);
$payload = $client->verifyIdToken($id_token);
if ($payload) {
$userid = $payload['sub'];
echo $userid;
} else {
// Invalid ID token
echo "error";
}
I get the following error(s):
<b>Fatal error</b>: Uncaught exception 'UnexpectedValueException' with message 'Wrong number of segments' in /../vendor/firebase/php-jwt/src/JWT.php:79
Stack trace:
#0 /../vendor/google/apiclient/src/Google/AccessToken/Verify.php(103): Firebase\JWT\JWT::decode('ya29.GlzbAwEXTe...', '-----BEGIN PUBL...', Array)
#1 /../vendor/google/apiclient/src/Google/Client.php(713): Google_AccessToken_Verify->verifyIdToken('ya29.GlzbAwEXTe...', '1074005180734-g...')
#2 /../pages/auth/session.php(7): Google_Client->verifyIdToken('ya29.GlzbAwEXTe...')
Does anyone know why this is?
Answering this question because the other one is too short and vague.
Instead of passing the ID returned by profile.getId(), pass the one returned by googleUser.getAuthResponse().id_token as your id_token (the id field of the POST request you use to send the user's id over to your server).
A great tip for any developer: If you think you did everything you were supposed to do, and it is working for them, but it is not working for you, then you did not do everything you were supposed to do.
I used access_token instead of id_token when passing it in POST
I had the same issue and didn't get any fix. I had to change the way I was fetching user info. Instead of using $client->verifyIdToken(); I have used the service class this way :
$authService=new Google_Service_Oauth2($client);
if($client->getAccessToken()){
$data=$authService->userinfo->get();
}
So, to get the current user email, I used $email=data['email'];.
Hope this works!
I'm not very good with PHP, and I am trying to create a webpage where I will navigate to the page and it will show a list of events from my private google calendar. This used to work years ago, but Google has changed the API so my old solution is broken. I saw this thread:
How do I connect to the Google Calendar API without the oAuth authentication?
and I tried it, but it looks like that method also doesn't work anymore. (When I say "doesn't work" I mean that I currently have the latest google-api-php-client-2.0.3 installed at public_html/includes/google-api-php-client-2.0.3/. I found the client.php referenced in the above link, but the other files are not in the new API.
Basically, I am trying to figure out what the PHP would look like to achieve what you can do on this page when you put in your calendar ID:
https://developers.google.com/google-apps/calendar/v3/reference/events/list#request
So I think this is a two step process: Authenticate and then print the output. The trouble I'm having is in authenticating.
I have tried this:
<?php
session_start();
require_once "/includes/google-api-php-client-2.0.3/src/Google/client.php";
require_once "/includes/google-api-php-client-2.0.3/src/contrib/Google_CalendarService.php";
const CLIENT_ID = '...';
const SERVICE_ACCOUNT_NAME = 'my service account name';
// Make sure you keep your key.p12 file in a secure location, and isn't
// readable by others.
const KEY_FILE = '...';
$client = new Google_Client();
$client->setApplicationName("...");
if (isset($_SESSION['token'])) {
$client->setAccessToken($_SESSION['token']);
}
// Load the key in PKCS 12 format (you need to download this from the
// Google API Console when the service account was created.
$key = file_get_contents(KEY_FILE);
$client->setAssertionCredentials(new Google_AssertionCredentials(
SERVICE_ACCOUNT_NAME,
array('https://www.googleapis.com/auth/calendar', "https://www.googleapis.com/auth/calendar.readonly"),
$key)
);
$client->setClientId(CLIENT_ID);
$service = new Google_CalendarService($client);
//Save token in session
if ($client->getAccessToken()) {
$_SESSION['token'] = $client->getAccessToken();
}
//And now you can use the code in their PHP examples, like: $service->events->listEvents(...)
?>
But I get error:
Warning: require_once(/includes/google-api-php-client-2.0.3/src/Google_Client.php): failed to open stream: No such file
Because the API seems to have changed.
I found this link:
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
I have created a service account, and downloaded a private key but I don't know what to do with it :-/
I tried this:
https://developers.google.com/api-client-library/php/auth/web-app
But when I navigate to the index.php I get this error:
Fatal error: Uncaught exception 'InvalidArgumentException' with message 'file does not exist' in /home/xxx/public_html/includes/google-api-php-client-2.0.3/src/Google/Client.php:841 Stack trace: #0 /home/xxx/public_html/testing_oauth.php(7): Google_Client->setAuthConfig('client_secrets....') #1 {main} thrown in /home/xxx/public_html/includes/google-api-php-client-2.0.3/src/Google/Client.php on line 841
I tried hard coding this into the index.php example (line 103-107):
// https://developers.google.com/console
'client_id' => 'My service accounts project name',
'client_secret' => 'url link to my client_secret.json file',
'redirect_uri' => null,
'state' => null,
But I get the same error...
I'm using a service account to delegate domain wide security in order to pull a user listing from our Google Apps for Education instance via the Directory API and the PHP client library.
I'm fairly certain my service account has all the correct security because it's able to pull a listing using the API reference's "try it" feature.
So, at this point, everything is pointing toward an issue with my code but I can't seem to figure out where:
<?php
require 'vendor/autoload.php';
$clientEmail = '<>#developer.gserviceaccount.com';
$privateKey = file_get_contents(__DIR__ . '/access.p12');
$scopes = array(
'https://www.googleapis.com/auth/admin.directory.user.readonly',
);
$credentials = new Google_Auth_AssertionCredentials($clientEmail, $scopes, $privateKey);
$credentials->sub = 'service.account#my.domain';
$client = new Google_Client();
$client->setAssertionCredentials($credentials);
if ($client->getAuth()->isAccessTokenExpired())
{
$client->getAuth()->refreshTokenWithAssertion();
}
$directory = new Google_Service_Directory($client);
$result = $directory->users->listUsers(array('domain' => 'my.domain'));
var_dump($result);
The code above throws the following error:
Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Error refreshing the OAuth2 token, message: ' in C:\wamp\www\quick\vendor\google\apiclient\src\Google\Auth\OAuth2.php on line 358
Google_Auth_Exception: Error refreshing the OAuth2 token, message: '{
"error" : "access_denied",
"error_description" : "Requested client not authorized."
}' in C:\wamp\www\quick\vendor\google\apiclient\src\Google\Auth\OAuth2.php on line 358
Call Stack:
0.0010 132792 1. {main}() C:\wamp\www\quick\index.php:0
0.0260 1060248 2. Google_Auth_OAuth2->refreshTokenWithAssertion() C:\wamp\www\quick\index.php:18
0.9230 1163560 3. Google_Auth_OAuth2->refreshTokenRequest() C:\wamp\www\quick\vendor\google\apiclient\src\Google\Auth\OAuth2.php:309
The call stack should identify the specific line where this error occurred. Note that the second line in the stack seems to point to line 18 of your script, where the code indeed relates to OAuth verification:
$client->getAuth()->refreshTokenWithAssertion();
In other words, when you try to refreshTokenWithAssertion, Google says "access_denied because Requested client not authorized". If you're trying to identify where in your script you hit the error, I think that should answer your question.
If you want to figure out why it got an error, I'd do some google searches for refreshTokenWithAssertion plus that error message and see if you find any other developers working through a similar problem. For example by doing that google search I found this other page on SO that may help you.
Good luck!
I'm trying to use the Google API PHP Client with the Google Directory API. I went into the Google Developers Console and created a project called google-sync. I then enabled the Admin SDK in the APIs list page. I then selected "Create new Client ID" from the Credentials page, and selected Service Account, and then downloaded the .bin private key that I was prompted to download. I then also clicked on "Generate new P12 key" and downloaded the .p12 file, which was placed in the same directory as the PHP file.
Here's my PHP code (which follows this part of the docs) that is trying to list all users.
<?php
session_start();
require 'vendor/autoload.php';
$SCOPE = 'https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.orgunit';
$SERVICE_ACCOUNT_EMAIL = '<EMAIL ADDRESS>';
$SERVICE_ACCOUNT_PKCS12_FILE_PATH = '<P12 FILE NAME>.p12';
$client = new Google_Client();
$client->setApplicationName('google-sync');
$adminService = new Google_Service_Directory($client);
$key = file_get_contents($SERVICE_ACCOUNT_PKCS12_FILE_PATH);
$cred = new Google_Auth_AssertionCredentials(
$SERVICE_ACCOUNT_EMAIL,
array($SCOPE),
$key);
$client->setAssertionCredentials($cred);
$allUsers = $adminService->users->listUsers();
When I run this code, I get this error:
PHP Fatal error: Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request' in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php:80
Stack trace:
#0 /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php(44): Google_Http_REST::decodeHttpResponse(Object(Google_Http_Request))
#1 /projects/google-sync/vendor/google/apiclient/src/Google/Client.php(499): Google_Http_REST::execute(Object(Google_Client), Object(Google_Http_Request))
#2 /projects/google-sync/vendor/google/apiclient/src/Google/Service/Resource.php(195): Google_Client->execute(Object(Google_Http_Request))
#3 /projects/google-sync/vendor/google/apiclient/src/Google/Service/Directory.php(2063): Google_Service_Resource->call('list', Array, 'Google_Service_...')
#4 /projects/google-sync/auth-test.php(20): Google_Service_Directory_Users_Resource->listUsers()
#5 {main}
thrown in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80
Fatal error: Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request' in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80
Google_Service_Exception: Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80
Call Stack:
0.0001 232296 1. {main}() auth-test.php:0
0.0172 2957992 2. Google_Service_Directory_Users_Resource->listUsers() /projects/google-sync/auth-test.php:20
0.0172 2959144 3. Google_Service_Resource->call() /projects/google-sync/vendor/google/apiclient/src/Google/Service/Directory.php:2063
0.3356 2970752 4. Google_Client->execute() /projects/google-sync/vendor/google/apiclient/src/Google/Service/Resource.php:195
0.3356 2971568 5. Google_Http_REST::execute() /projects/google-sync/vendor/google/apiclient/src/Google/Client.php:499
0.7015 2974424 6. Google_Http_REST::decodeHttpResponse() /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php:44
When I downloaded the p12 file, I was given a password associated with the private key, but I'm unable to find any documentation on how that password should be included. Is this my problem?
I was facing the same issue. Service account should impersonate a domain admin when it makes the request. In addition, listUsers() expects the domain to be passed as an argument.
Makes sure that you've delegated domain-wide authority to the service account - https://developers.google.com/api-client-library/php/auth/service-accounts
$cred = new Google_Auth_AssertionCredentials(
$service_account_name,
array($SCOPE),
$key
);
$cred->sub = "admin#domain.com";
//Get All users.
$list = $service->users->listUsers(Array('domain' => 'domain.com'));
//Get one user
$userId = $service->users->get('someuser#domain.com');
I was able to fix this by going into my domain's Admin Console, went to the Manage API client access page under Security, and added the Client Id from the Developer Console and added the scopes I needed for the Directory API.
See this part of the docs for more info.