I am using "google api client php" to get access token using service account json base key file. But i am getting access token null. My sample code is
$client = new \Google_Client();
$client->setApplicationName('My App');
putenv('GOOGLE_APPLICATION_CREDENTIALS=path-to-the-key.json');
$client->useApplicationDefaultCredentials();
$client->setScopes(['https://www.googleapis.com/auth/analytics.readonly']);
$client->authorize();
$token = $client->getAccessToken();
echo $token; // null
I was solved my problem by developing own php code from google documentation. I use sign JWT payload using Guzzle HTTP Client to get access token. Here is the doc
My implementation:
public static function base64url_encode($data) {
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
public static function getJwtAssertion($private_key_file)
{
$json_file = file_get_contents($private_key_file);
$info = json_decode($json_file);
$private_key = $info->{'private_key'};
//{Base64url encoded JSON header}
$jwtHeader = self::base64url_encode(json_encode(array(
"alg" => "RS256",
"typ" => "JWT"
)));
//{Base64url encoded JSON claim set}
$now = time();
$jwtClaim = self::base64url_encode(json_encode(array(
"iss" => $info->{'client_email'},
"scope" => "https://www.googleapis.com/auth/analytics.readonly",
"aud" => "https://www.googleapis.com/oauth2/v4/token",
"exp" => $now + 3600,
"iat" => $now
)));
$data = $jwtHeader.".".$jwtClaim;
// Signature
$Sig = '';
openssl_sign($data,$Sig,$private_key,'SHA256');
$jwtSign = self::base64url_encode($Sig);
//{Base64url encoded JSON header}.{Base64url encoded JSON claim set}.{Base64url encoded signature}
$jwtAssertion = $data.".".$jwtSign;
return $jwtAssertion;
}
public static function getGoogleAccessToken($private_key_file)
{
$result = [
'success' => false,
'message' => '',
'token' => null
];
if (Cache::has('google_token')) {
$result['token'] = Cache::get('google_token');
$result['success'] = true;
return $result;
}
if(!file_exists($private_key_file)){
$result['message'] = 'Google json key file missing!';
return $result;
}
$jwtAssertion = self::getJwtAssertion($private_key_file);
try {
$client = new Client([
'base_uri' => 'https://www.googleapis.com',
]);
$payload = [
'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
'assertion' => $jwtAssertion
];
$response = $client->request('POST', 'oauth2/v4/token', [
'form_params' => $payload
]);
$data = json_decode($response->getBody());
$result['token'] = $data->access_token;
$result['success'] = true;
$expiresAt = now()->addMinutes(58);
Cache::put('google_token', $result['token'], $expiresAt);
} catch (RequestException $e) {
$result['message'] = $e->getMessage();
}
return $result;
}
Now call it:
$googleToken = getGoogleAccessToken($KEY_FILE_LOCATION);
I used similar type of client to get access token but that was for google sheets.
This would be same like that. So I'm sharing my google sheets code snippet here.
<?php
if (!function_exists('curl_reset'))
{
function curl_reset(&$ch)
{
$ch = curl_init();
}
}
require_once __DIR__ . '/goog/vendor/autoload.php';
define('APPLICATION_NAME', 'Google Sheets API PHP Quickstart');
define('CREDENTIALS_PATH', __DIR__ . '/sheets.googleapis.com-php-quickstart.json');
define('CLIENT_SECRET_PATH', __DIR__ . '/client_secret.json');
// If modifying these scopes, delete your previously saved credentials
// at ~/.credentials/sheets.googleapis.com-php-quickstart.json
define('SCOPES', implode(' ', array(
Google_Service_Sheets::SPREADSHEETS)
));
if (php_sapi_name() != 'cli') {
throw new Exception('This application must be run on the command line.');
}
/**
* Returns an authorized API client.
* #return Google_Client the authorized client object
*/
function getClient() {
$client = new Google_Client();
$client->setApplicationName(APPLICATION_NAME);
$client->setScopes(SCOPES);
$client->setAuthConfig(CLIENT_SECRET_PATH);
$client->setAccessType('offline');
// Load previously authorized credentials from a file.
$credentialsPath = CREDENTIALS_PATH;
if (file_exists($credentialsPath)) {
$accessToken = json_decode(file_get_contents($credentialsPath), true);
} else {
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:\n%s\n", $authUrl);
print 'Enter verification code: ';
$authCode = trim(fgets(STDIN));
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
// Store the credentials to disk.
if(!file_exists(dirname($credentialsPath))) {
mkdir(dirname($credentialsPath), 0700, true);
}
file_put_contents($credentialsPath, json_encode($accessToken));
printf("Credentials saved to %s\n", $credentialsPath);
}
$client->setAccessToken($accessToken);
// Refresh the token if it's expired.
if ($client->isAccessTokenExpired()) {
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
file_put_contents($credentialsPath, json_encode($client->getAccessToken()));
}
return $client;
}
So when you call getClient function in a php script in command line it will generate a link to verify the user in browser after that it will provide an code which you have to place in the command line. Then it will generate the access token which can be reused later.
Related
I am working on making some voting collection statistics sheets programmatically. The next step fro me is figuring out how to protect certain cells using the API from being edited. In this example, I actually want to go ahead and protect all of the first three columns. I have been unable to find documentation for this. Any assistance is greatly appreciated.
<?php
/*
* Copyright 2011 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
include_once __DIR__ . '/includes/google/vendor/autoload.php';
$client = getClient();
$service = new Google_Service_Sheets($client);
// TODO: Assign values to desired properties of `requestBody`:
//$requestBody = new Google_Service_Sheets_Spreadsheet();
$spreadsheet = new Google_Service_Sheets_Spreadsheet([
'properties' => [
'title' => 'US Senate 2'
]
]);
$spreadsheet = $service->spreadsheets->create($spreadsheet, [
'fields' => 'spreadsheetId'
]);
$fileId=$spreadsheet->spreadsheetId;
echo $fileId;
// TODO: Change code below to process the `response` object:
echo '<pre>', var_export($spreadsheet, true), '</pre>', "\n";
//Give permissions
/*
$client2 = new \Google_Client();
$client2->setApplicationName('Give permissions');
$client2->setScopes([\Google_Service_Drive::DRIVE]);
$client2->setAccessType('offline');
$client2->setAuthConfig('../credentials.json');
$client2->setPrompt('select_account consent');
$service2 = new Google_Service_Drive($client2);
$newPermission = new Google_Service_Drive_Permission();
$newPermission->setEmailAddress("user#example.com");
$newPermission->setType('user');
$newPermission->setRole('writer');
$fileId=$spreadsheet->spreadsheetId;
$service2->permissions->create($fileId, $newPermission);
*/
//Add data from the dataTables
$client3 = new \Google_Client();
$client3->setApplicationName('Add data from datatables');
$client3->setScopes([\Google_Service_Sheets::SPREADSHEETS]);
$client3->setAccessType('offline');
$client3->setAuthConfig('credentials.json');
$tokenPath = 'token.json';
if (file_exists($tokenPath)) {
$accessToken = json_decode(file_get_contents($tokenPath), true);
$client3->setAccessToken($accessToken);
}
$service3 = new Google_Service_Sheets($client3);
$spreadsheetId = $fileId;
$range = 'Sheet1';
$headers = array(
"Candidate",
"Election",
"Id",
"Votes"
);
$row1[]="Collins";
$row1[]="US Senate";
$row1[]="1010010";
$row1[]="0";
$values = [
$headers,
$row1,
// Additional rows ...
];
$body = new Google_Service_Sheets_ValueRange([
'values' => $values
]);
$params = [
'valueInputOption' => 'RAW'
];
$insert = [
"insertDataOption" => "INSERT_ROWS"
];
$result = $service3->spreadsheets_values->append(
$spreadsheetId,
$range,
$body,
$params,
$insert
);
echo "<a href='https://docs.google.com/spreadsheets/d/".$fileId."' target='_blank'>https://docs.google.com/spreadsheets/d/".$fileId."</a>";
function getClient()
{
$redirect_uri = 'http://localhost:8000/' . $_SERVER['PHP_SELF'];
$client = new Google_Client();
$client->setApplicationName('Google Sheets API PHP Quickstart');
//$client->setScopes(Google_Service_Sheets::SPREADSHEETS_READONLY);
$client->addScope("https://www.googleapis.com/auth/drive");
$client->addScope("https://www.googleapis.com/auth/drive.file");
$client->addScope("https://www.googleapis.com/auth/spreadsheets");
$client->setRedirectUri($redirect_uri);
$client->setAuthConfig('credentials.json');
$client->setAccessType('offline');
$client->setPrompt('select_account consent');
// Load previously authorized token from a file, if it exists.
// The file token.json stores the user's access and refresh tokens, and is
// created automatically when the authorization flow completes for the first
// time.
$tokenPath = 'token.json';
if (file_exists($tokenPath)) {
$accessToken = json_decode(file_get_contents($tokenPath), true);
$client->setAccessToken($accessToken);
}
// If there is no previous token or it's expired.
if ($client->isAccessTokenExpired()) {
// Refresh the token if possible, else fetch a new one.
if ($client->getRefreshToken()) {
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
} else {
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:\n%s\n", $authUrl);
print 'Enter verification code: ';
$authCode = trim(fgets(STDIN));
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
$client->setAccessToken($accessToken);
// Check to see if there was an error.
if (array_key_exists('error', $accessToken)) {
throw new Exception(join(', ', $accessToken));
}
}
// Save the token to a file.
if (!file_exists(dirname($tokenPath))) {
mkdir(dirname($tokenPath), 0700, true);
}
file_put_contents($tokenPath, json_encode($client->getAccessToken()));
}
return $client;
}
I believe your goal and your situation as follows.
You want to protect the columns "A", "B" and "C" of a sheet in Google Spreadsheet using googleapis for php.
You can get and put values for Google Spreadsheet using Sheets API.
Modification point:
In this case, please use "addProtectedRange" with the method of "spreadsheets.batchUpdate" in Sheets API.
Modified script:
$spreadsheetId = "###"; // please set Spreadsheet ID.
$sheetId = "###"; // Please set sheet ID.
$requests = [
new Google_Service_Sheets_Request([
'addProtectedRange' => [
'protectedRange' => [
'range' => [
'sheetId' => $sheetId,
'startRowIndex' => 0,
'startColumnIndex' => 0,
'endColumnIndex' => 3,
],
'description' => 'sample description'
]
]
])
];
$batchUpdateRequest = new Google_Service_Sheets_BatchUpdateSpreadsheetRequest([
'requests' => $requests
]);
$result = $service3->spreadsheets->batchUpdate($spreadsheetId, $batchUpdateRequest);
When above script is run, the columns "A" to "C" of $sheetId in $spreadsheetId are protected.
Note:
$service3 is from your script.
Please set the range as the GridRange. Ref
In above script, the editor is the owner.
Reference:
Method: spreadsheets.batchUpdate
AddProtectedRangeRequest
GridRange
I am trying to use google sheet API to write in google sheet API.
For that, I am using below code
$spreadsheetId = 'XXXX';
$range = "Zoho Emails 2";
$values = [["This","is","a","new","row"],];
$body = new Google_Service_Sheets_ValueRange([
"values" =>$values
]);
$params = [
`valueInputOptions` => "RAW"
];
$insert = [
"insertDataOption" => "INSERT_ROWS"
];
$result = $service->spreadsheets_values->append(
$spreadsheetId,
$range,
$body,
$params,
$insert
);
But when I run This code this code gives me below error
[26-Nov-2019 22:45:36 America/Chicago] PHP Fatal error: Uncaught exception 'Google_Exception'
with message '(append) unknown parameter: ''' in
/Google_sheet/vendor/google/apiclient/src/Google/Service/Resource.php:147
Stack trace:
#0 /Google_sheet/vendor/google/apiclient-
services/src/Google/Service/Sheets/Resource/SpreadsheetsValues.php(65):
Google_Service_Resource->call('append', Array, 'Google_Service_...')
#1 /Google_sheet/quickstart.php(99): Google_Service_Sheets_Resource_SpreadsheetsValues-
>append('1k8sR-aV8O5W7jP...', 'Zoho Emails 2', Object(Google_Service_Sheets_ValueRange), Array,
Array)
#2 {main}
thrown in /Google_sheet/vendor/google/apiclient/src/Google/Service/Resource.php on line 147
But I don't understand why this error occurs.
Can anybody help me with this?
How about this modification?
From:
$params = [
`valueInputOptions` => "RAW"
];
$insert = [
"insertDataOption" => "INSERT_ROWS"
];
$result = $service->spreadsheets_values->append(
$spreadsheetId,
$range,
$body,
$params,
$insert
);
To:
$params = [
"valueInputOption" => "RAW",
"insertDataOption" => "INSERT_ROWS"
];
$result = $service->spreadsheets_values->append(
$spreadsheetId,
$range,
$body,
$params
);
Note:
This modified script supposes that you have already been able to get and put values for the Spreadsheet using Sheets API.
Reference:
Method: spreadsheets.values.append
If this was not the direct solution of your issue, I apologize.
Added:
When the script in the link of your another question you provided in the discussion is used, the whole script reflected my modified script is as follows. Before you run the script, please set the variables of $spreadsheetId and $range. Before you run the script, please confirm credentials.json and delete the file of token.json. Then, run the script. At that time, please authorize again. By this, I think that the script works.
The scope is changed from Google_Service_Sheets::SPREADSHEETS_READONLY to Google_Service_Sheets::SPREADSHEETS.
Whole script:
<?php
require __DIR__ . '/vendor/autoload.php';
if (php_sapi_name() != 'cli') {
throw new Exception('This application must be run on the command line.');
}
function getClient()
{
$client = new Google_Client();
$client->setApplicationName('Google Sheets API PHP Quickstart');
$client->setScopes(Google_Service_Sheets::SPREADSHEETS);
$client->setAuthConfig('credentials.json');
$client->setAccessType('offline');
$client->setPrompt('select_account consent');
$tokenPath = 'token.json';
if (file_exists($tokenPath)) {
$accessToken = json_decode(file_get_contents($tokenPath), true);
$client->setAccessToken($accessToken);
}
if ($client->isAccessTokenExpired()) {
if ($client->getRefreshToken()) {
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
} else {
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:\n%s\n", $authUrl);
print 'Enter verification code: ';
$authCode = trim(fgets(STDIN));
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
$client->setAccessToken($accessToken);
if (array_key_exists('error', $accessToken)) {
throw new Exception(join(', ', $accessToken));
}
}
if (!file_exists(dirname($tokenPath))) {
mkdir(dirname($tokenPath), 0700, true);
}
file_put_contents($tokenPath, json_encode($client->getAccessToken()));
}
return $client;
}
$client = getClient();
$service = new Google_Service_Sheets($client);
$spreadsheetId = "###"; // Spreadsheet ID
$range = "###"; // Sheet name
$values = [["This","is","a","new","row"],];
$body = new Google_Service_Sheets_ValueRange([
"values" =>$values
]);
$params = [
"valueInputOption" => "RAW",
"insertDataOption" => "INSERT_ROWS"
];
$result = $service->spreadsheets_values->append(
$spreadsheetId,
$range,
$body,
$params
);
I can read my Google Sheet Doc use this tutorial: https://developers.google.com/sheets/api/quickstart/php
quickstart.php:
<?php
require_once __DIR__ . '/vendor/autoload.php';
define('APPLICATION_NAME', 'Google Sheets API PHP Quickstart');
define('CREDENTIALS_PATH', '~/.credentials/sheets.googleapis.com-php-quickstart.json');
define('CLIENT_SECRET_PATH', __DIR__ . '/client_secret.json');
// If modifying these scopes, delete your previously saved credentials
// at ~/.credentials/sheets.googleapis.com-php-quickstart.json
define('SCOPES', implode(' ', array(
Google_Service_Sheets::SPREADSHEETS_READONLY)
));
if (php_sapi_name() != 'cli') {
throw new Exception('This application must be run on the command line.');
}
/**
* Returns an authorized API client.
* #return Google_Client the authorized client object
*/
function getClient() {
$client = new Google_Client();
$client->setApplicationName(APPLICATION_NAME);
$client->setScopes(SCOPES);
$client->setAuthConfig(CLIENT_SECRET_PATH);
$client->setAccessType('offline');
// Load previously authorized credentials from a file.
$credentialsPath = expandHomeDirectory(CREDENTIALS_PATH);
if (file_exists($credentialsPath)) {
$accessToken = json_decode(file_get_contents($credentialsPath), true);
} else {
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:\n%s\n", $authUrl);
print 'Enter verification code: ';
$authCode = trim(fgets(STDIN));
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
// Store the credentials to disk.
if(!file_exists(dirname($credentialsPath))) {
mkdir(dirname($credentialsPath), 0700, true);
}
file_put_contents($credentialsPath, json_encode($accessToken));
printf("Credentials saved to %s\n", $credentialsPath);
}
$client->setAccessToken($accessToken);
// Refresh the token if it's expired.
if ($client->isAccessTokenExpired()) {
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
file_put_contents($credentialsPath, json_encode($client->getAccessToken()));
}
return $client;
}
/**
* Expands the home directory alias '~' to the full path.
* #param string $path the path to expand.
* #return string the expanded path.
*/
function expandHomeDirectory($path) {
$homeDirectory = getenv('HOME');
if (empty($homeDirectory)) {
$homeDirectory = getenv('HOMEDRIVE') . getenv('HOMEPATH');
}
return str_replace('~', realpath($homeDirectory), $path);
}
// Get the API client and construct the service object.
$client = getClient();
$service = new Google_Service_Sheets($client);
// Prints the names and majors of students in a sample spreadsheet:
$spreadsheetId = 'myfileid';
$range = 'Class Data!A2';
$response = $service->spreadsheets_values->get($spreadsheetId, $range);
$values = $response->getValues();
if (count($values) == 0) {
print "No data found.\n";
} else {
print "Name, Major:\n";
foreach ($values as $row) {
// Print columns A and E, which correspond to indices 0 and 4.
printf("%s, %s\n", $row[0], $row[4]);
}
}
All is Ok. I can read my Google Sheet Doc. But I need have only one additional possibility: writing to a single range. I added to end of quickstart.php this code:
$values = array(
array(
5
),
// Additional rows ...
);
$body = new Google_Service_Sheets_ValueRange(array(
'values' => $values
));
$params = array(
'valueInputOption' => $valueInputOption
);
$result = $service->spreadsheets_values->update($spreadsheetId, $range,
$body, $params);
frome here: https://developers.google.com/sheets/api/guides/values
I have:
PHP Fatal error:
Uncaught exception 'Google_Service_Exception' with message '{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"errors": [
{
"message": "Request had insufficient authentication scopes.",
"domain": "global",
"reason": "forbidden"
}
],
"status": "PERMISSION_DENIED"
}
}
My Google Sheet Doc has permission for redact/modify. I need have writing to a single range. What is mean this error? Please help me modify quickstart.php.
Change the scopes to Google_Service_Sheets::SPREADSHEETS check,
also try this
$params = array(
'valueInputOption' => $valueInputOption
);
to check
$params = array(
'valueInputOption' => 'USER_ENTERED'
);
<?php
include('lead1.php');
require_once __DIR__ . '/vendor/autoload.php';
global $link;
$emailmsgsql = "SELECT *
FROM psleads WHERE agreeid = '6'";
$msgreqsres = mysqli_query($link, $emailmsgsql); // or die(mysql_error()0);
$msgreqs = $msgreqsres->fetch_assoc();
$start = $msgreqs['contractbegindate'] . ' ' . $msgreqs['contractbegintime'];
$end = $msgreqs['contractenddate'] . ' ' . $msgreqs['contractendtime'];
$startDT = new DateTime($start, new DateTimeZone('Pacific/Honolulu'));
$endDT = new DateTime($end, new DateTimeZone('Pacific/Honolulu'));
$startDTw3c = $startDT->format(DateTime::W3C);
$endDTw3c = $endDT->format(DateTime::W3C);
putenv('GOOGLE_APPLICATION_CREDENTIALS=./service-account.json');
define('CREDENTIALS_PATH', '~/calendar-php.json');
define('CLIENT_SECRET_PATH', './client_secret.json');
//define('CLIENT_SECRET_PATH', __DIR__ . '/client_secret.json');
$client = new Google_Client();
$client->setApplicationName("Paradise_Sound_Booking_Calendar");
$client->addScope('https://www.googleapis.com/auth/calendar');
$client->setAuthConfig(CLIENT_SECRET_PATH);
$client->setClientId('532085378494-s908fs5mu4rf2e2s60cecgaprg9pem1p.apps.googleusercontent.com');
$client->setDeveloperKey("XXXXX");//flo.gd
$client->useApplicationDefaultCredentials();
// Load previously authorized credentials from a file.
function expandHomeDirectory($path) {
$homeDirectory = getenv('HOME');
if (empty($homeDirectory)) {
$homeDirectory = getenv('HOMEDRIVE') . getenv('HOMEPATH');
}
return str_replace('~', realpath($homeDirectory), $path);
}
$credentialsPath = expandHomeDirectory(CREDENTIALS_PATH);
if (file_exists($credentialsPath)) {
$accessToken = json_decode(file_get_contents($credentialsPath), true);
} else {
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:\n%s\n", $authUrl);
print 'Enter verification code: ';
//$authCode = trim(fgets(STDIN));
$authCode = 'Manually pasted return code into script here';
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
// Store the credentials to disk.
if(!file_exists(dirname($credentialsPath))) {
mkdir(dirname($credentialsPath), 0700, true);
}
file_put_contents($credentialsPath, json_encode($accessToken));
printf("Credentials saved to %s\n", $credentialsPath);
}
$client->setAccessToken($accessToken);
// Refresh the token if it's expired.
if ($client->isAccessTokenExpired()) {
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
file_put_contents($credentialsPath, json_encode($client->getAccessToken()));
}
$service = new Google_Service_Calendar($client);
$event = new Google_Service_Calendar_Event(array(
'summary' => 'Booked Event ' . $msgreqs['contractbegindate'],
'start' => array(
'dateTime' => $startDTw3c,
//'dateTime' => '2015-05-28T09:00:00-07:00',
'timeZone' => 'Pacific/Honolulu',
),
'end' => array(
'dateTime' => $endDTw3c,
'timeZone' => 'Pacific/Honolulu',
)
));
$calendarId = 'iddnpsbinrifod2826eqo1kmoo#group.calendar.google.com';
$eventres = $service->events->insert($calendarId, $event);
echo json_encode($eventres);
?>
So here is my PHP code I am using to test event insertion into MY google calendar.
I thought I could use just an API key but google seems to have this convulted way of doing OAUTH that I just can't figure out. I can see all my 403 errors in my API Developers Console.
Does anyone have working code to do simple event inserts into my calendar.
CONTEXT:
I will recieve an IPN from paypal (done) and that will fire off this script that will insert an event into MY calendar, not the users. Can anyone help me without referring me to the google developer docs? They seem sparse and I have read them over and over and over again to no avail of solving my issue.
Here is the error I am getting:
Fatal error: Uncaught exception 'Google_Service_Exception' with
message '{ "error": { "errors": [ { "domain": "global", "reason":
"forbidden", "message": "Forbidden" } ], "code": 403, "message":
"Forbidden" } } ' in
/home/dahfrench/flo.gd/src/Google/Http/REST.php:118 Stack trace: #0
/home/dahfrench/flo.gd/src/Google/Http/REST.php(94):
Google_Http_REST::decodeHttpResponse(Object(GuzzleHttp\Psr7\Response),
Object(GuzzleHttp\Psr7\Request), 'Google_Service_...') #1 [internal
function]: Google_Http_REST::doExecute(Object(GuzzleHttp\Client),
Object(GuzzleHttp\Psr7\Request), 'Google_Service_...') #2
/home/dahfrench/flo.gd/src/Google/Task/Runner.php(181):
call_user_func_array(Array, Array) #3
/home/dahfrench/flo.gd/src/Google/Http/REST.php(58):
Google_Task_Runner->run() #4
/home/dahfrench/flo.gd/src/Google/Client.php(789):
Google_Http_REST::execute(Object(GuzzleHttp\Client),
Object(GuzzleHttp\Psr7\Request), 'Google_Service_...', Array) #5
/home/dahfrench/flo.gd/src/Google/Service/Resource.php(232): Goo in
/home/dahfrench/flo.gd/src/Google/Http/REST.php on line 118
You may want to finalize what authentication you want to implement : user needs to login to perform/request to Google Services or delegate a domain-wide authority to the service account.
If you will be using OAuth 2.0:
Your application must use OAuth 2.0 to authorize requests.
Sample Code from Google:
<?php
require_once __DIR__ . '/vendor/autoload.php';
define('APPLICATION_NAME', 'Google Calendar API PHP Quickstart');
define('CREDENTIALS_PATH', '~/.credentials/calendar-php-quickstart.json');
define('CLIENT_SECRET_PATH', __DIR__ . '/client_secret.json');
// If modifying these scopes, delete your previously saved credentials
// at ~/.credentials/calendar-php-quickstart.json
define('SCOPES', implode(' ', array(
Google_Service_Calendar::CALENDAR_READONLY)
));
if (php_sapi_name() != 'cli') {
throw new Exception('This application must be run on the command line.');
}
/**
* Returns an authorized API client.
* #return Google_Client the authorized client object
*/
function getClient() {
$client = new Google_Client();
$client->setApplicationName(APPLICATION_NAME);
$client->setScopes(SCOPES);
$client->setAuthConfig(CLIENT_SECRET_PATH);
$client->setAccessType('offline');
// Load previously authorized credentials from a file.
$credentialsPath = expandHomeDirectory(CREDENTIALS_PATH);
if (file_exists($credentialsPath)) {
$accessToken = json_decode(file_get_contents($credentialsPath), true);
} else {
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:\n%s\n", $authUrl);
print 'Enter verification code: ';
$authCode = trim(fgets(STDIN));
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
// Store the credentials to disk.
if(!file_exists(dirname($credentialsPath))) {
mkdir(dirname($credentialsPath), 0700, true);
}
file_put_contents($credentialsPath, json_encode($accessToken));
printf("Credentials saved to %s\n", $credentialsPath);
}
$client->setAccessToken($accessToken);
// Refresh the token if it's expired.
if ($client->isAccessTokenExpired()) {
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
file_put_contents($credentialsPath, json_encode($client->getAccessToken()));
}
return $client;
}
/**
* Expands the home directory alias '~' to the full path.
* #param string $path the path to expand.
* #return string the expanded path.
*/
function expandHomeDirectory($path) {
$homeDirectory = getenv('HOME');
if (empty($homeDirectory)) {
$homeDirectory = getenv('HOMEDRIVE') . getenv('HOMEPATH');
}
return str_replace('~', realpath($homeDirectory), $path);
}
// Get the API client and construct the service object.
$client = getClient();
$service = new Google_Service_Calendar($client);
// Print the next 10 events on the user's calendar.
$calendarId = 'primary';
$optParams = array(
'maxResults' => 10,
'orderBy' => 'startTime',
'singleEvents' => TRUE,
'timeMin' => date('c'),
);
$results = $service->events->listEvents($calendarId, $optParams);
if (count($results->getItems()) == 0) {
print "No upcoming events found.\n";
} else {
print "Upcoming events:\n";
foreach ($results->getItems() as $event) {
$start = $event->start->dateTime;
if (empty($start)) {
$start = $event->start->date;
}
printf("%s (%s)\n", $event->getSummary(), $start);
}
}
If you will be using Google Apps Domain-Wide Delegation of Authority:
Authorizing a service account to access data on behalf of users in a domain is sometimes referred to as "delegating domain-wide authority" to a service account.
Sample Code from a SO post:
function calendarize ($title, $desc, $ev_date, $cal_id) {
session_start();
/************************************************
Make an API request authenticated with a service
account.
************************************************/
set_include_path( '../google-api-php-client/src/');
require_once 'Google/Client.php';
require_once 'Google/Service/Calendar.php';
//obviously, insert your own credentials from the service account in the Google Developer's console
$client_id = '843319906820-xxxxxxxxxxxxxxxxxxxdcqal54p1he6.apps.googleusercontent.com';
$service_account_name = '843319906820-xxxxxxxxxxxxxxxxxxxdcqal54p1he6#developer.gserviceaccount.com';
$key_file_location = '../google-api-php-client/calendar-xxxxxxxxxxxx.p12';
if (!strlen($service_account_name) || !strlen($key_file_location))
echo missingServiceAccountDetailsWarning();
$client = new Google_Client();
$client->setApplicationName("Whatever the name of your app is");
if (isset($_SESSION['service_token'])) {
$client->setAccessToken($_SESSION['service_token']);
}
$key = file_get_contents($key_file_location);
$cred = new Google_Auth_AssertionCredentials(
$service_account_name,
array('https://www.googleapis.com/auth/calendar'),
$key
);
$client->setAssertionCredentials($cred);
if($client->getAuth()->isAccessTokenExpired()) {
$client->getAuth()->refreshTokenWithAssertion($cred);
}
$_SESSION['service_token'] = $client->getAccessToken();
$calendarService = new Google_Service_Calendar($client);
$calendarList = $calendarService->calendarList;
//Set the Event data
$event = new Google_Service_Calendar_Event();
$event->setSummary($title);
$event->setDescription($desc);
$start = new Google_Service_Calendar_EventDateTime();
$start->setDateTime($ev_date);
$event->setStart($start);
$end = new Google_Service_Calendar_EventDateTime();
$end->setDateTime($ev_date);
$event->setEnd($end);
$createdEvent = $calendarService->events->insert($cal_id, $event);
echo $createdEvent->getId();
}
?>
Note: If you plan on using only one calendar, I would recommend using a service account then sharing your calendar to the account in order to avoid 403 : Forbidden as said in the related SO post
Hope this helps.
I'm able to retrieve an email with authentication for reading the google api. I followed the quick start guid, and am able to read email messages after setting up a client and linking it to a client_secret.json file.
What I have working so far is the following:
<?php
require 'google-api-php-client/src/Google/autoload.php';
define('APPLICATION_NAME', 'Gmail API Quickstart');
define('CREDENTIALS_PATH', '~/.credentials/gmail-api-quickstart.json');
define('CLIENT_SECRET_PATH', 'client_secret.json');
define('SCOPES', implode(' ', array(
Google_Service_Gmail::GMAIL_READONLY)
));
/**
* Returns an authorized API client.
* #return Google_Client the authorized client object
*/
function getClient() {
$client = new Google_Client();
$client->setApplicationName(APPLICATION_NAME);
$client->setScopes(SCOPES);
$client->setAuthConfigFile(CLIENT_SECRET_PATH);
$client->setAccessType('offline');
// Load previously authorized credentials from a file.
$credentialsPath = expandHomeDirectory(CREDENTIALS_PATH);
if (file_exists($credentialsPath)) {
$accessToken = file_get_contents($credentialsPath);
} else {
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:\n%s\n", $authUrl);
print 'Enter verification code: ';
$authCode = trim(fgets(STDIN));
// Exchange authorization code for an access token.
$accessToken = $client->authenticate($authCode);
// Store the credentials to disk.
if(!file_exists(dirname($credentialsPath))) {
mkdir(dirname($credentialsPath), 0700, true);
}
file_put_contents($credentialsPath, $accessToken);
printf("Credentials saved to %s\n", $credentialsPath);
}
$client->setAccessToken($accessToken);
// Refresh the token if it's expired.
if ($client->isAccessTokenExpired()) {
$client->refreshToken($client->getRefreshToken());
file_put_contents($credentialsPath, $client->getAccessToken());
}
return $client;
}
/**
* Expands the home directory alias '~' to the full path.
* #param string $path the path to expand.
* #return string the expanded path.
*/
function expandHomeDirectory($path) {
$homeDirectory = getenv('HOME');
if (empty($homeDirectory)) {
$homeDirectory = getenv("HOMEDRIVE") . getenv("HOMEPATH");
}
return str_replace('~', realpath($homeDirectory), $path);
}
// Get the API client and construct the service object.
$client = getClient();
$service = new Google_Service_Gmail($client);
// Print the labels in the user's account.
$user = 'me';
//$results = $service->users_labels->listUsersLabels($user);
//$results = $service->users_messages->get('denverwebsiterepair#gmail.com', '14eadd821012b3ed');
$optParams['maxResults'] = 5;
$optParams['labelIds'] = 'INBOX';
$messages= $service->users_messages->listUsersMessages('me', $optParams);
$list = $messages->getMessages();
$messageId = $list[0]->getId();
$optParamsGet = [];
$optParamsGet['format'] = 'full';
$message = $service->users_messages->get('me', $messageId, $optParamsGet);
$messagePayload = $message->getPayload();
$headers = $message->getPayload()->getHeaders();
$part = $message->getPayload()->getParts();
$body = $part[0]['body'];
$rawData = $body->data;
$decodeMessage = base64_decode($rawData);
// THIS IS THE MESSAGE BODY I CAN GET
echo $decodeMessage;
What puzzles me is that when I try the following to try to send mail, per the google instructions, I get the error:
Error calling POST https://www.googleapis.com/gmail/v1/users/me/messages/send: (403) Insufficient Permission
All I did was add a change to the bottom:
<?php
require 'google-api-php-client/src/Google/autoload.php';
define('APPLICATION_NAME', 'Gmail API Quickstart');
define('CREDENTIALS_PATH', '~/.credentials/gmail-api-quickstart.json');
define('CLIENT_SECRET_PATH', 'client_secret.json');
define('SCOPES', implode(' ', array(
Google_Service_Gmail::GMAIL_READONLY)
));
/**
* Returns an authorized API client.
* #return Google_Client the authorized client object
*/
function getClient() {
$client = new Google_Client();
$client->setApplicationName(APPLICATION_NAME);
$client->setScopes(SCOPES);
$client->setAuthConfigFile(CLIENT_SECRET_PATH);
$client->setAccessType('offline');
// Load previously authorized credentials from a file.
$credentialsPath = expandHomeDirectory(CREDENTIALS_PATH);
if (file_exists($credentialsPath)) {
$accessToken = file_get_contents($credentialsPath);
} else {
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:\n%s\n", $authUrl);
print 'Enter verification code: ';
$authCode = trim(fgets(STDIN));
// Exchange authorization code for an access token.
$accessToken = $client->authenticate($authCode);
// Store the credentials to disk.
if(!file_exists(dirname($credentialsPath))) {
mkdir(dirname($credentialsPath), 0700, true);
}
file_put_contents($credentialsPath, $accessToken);
printf("Credentials saved to %s\n", $credentialsPath);
}
$client->setAccessToken($accessToken);
// Refresh the token if it's expired.
if ($client->isAccessTokenExpired()) {
$client->refreshToken($client->getRefreshToken());
file_put_contents($credentialsPath, $client->getAccessToken());
}
return $client;
}
/**
* Expands the home directory alias '~' to the full path.
* #param string $path the path to expand.
* #return string the expanded path.
*/
function expandHomeDirectory($path) {
$homeDirectory = getenv('HOME');
if (empty($homeDirectory)) {
$homeDirectory = getenv("HOMEDRIVE") . getenv("HOMEPATH");
}
return str_replace('~', realpath($homeDirectory), $path);
}
// Get the API client and construct the service object.
$client = getClient();
//------------ MY CHANGES HERE ---------------
$service = new Google_Service_Gmail($client);
// Print the labels in the user's account.
$user = 'me';
//$results = $service->users_labels->listUsersLabels($user);
try {
$msg = new Google_Service_Gmail_Message();
$mime = rtrim(strtr(base64_encode("THIS IS A TEST MESSAGE"), '+/', '-_'), '=');
$msg->setRaw($mime);
$service->users_messages->send("me", $msg);
echo "OK";
} catch (Exception $ex) {
echo $ex->getMessage();
}
EDIT: I realized that my Google_Service_Gmail scope was set to READ_ONLY. I tried changing this to MAIL_GOOGLE_COM per the api source on line 34, but still got the error.
Change the the scope to: GMAIL_COMPOSE instead to MAIL_GOOGLE_COM and then try to reconnect through Google API so it get the permission again. You can also add multiple scope in the scopes array.
I hope it will work for you.
Don't Forget to reconnect through Google API by re generating the credentials after deleting the old one on google developer console, after updating the scope in the code as per required.