I'm developing a PHP that reads the emails from gmail using the Gmail API.
Basically I'm doing exactly as the quickstart page does (https://developers.google.com/gmail/api/quickstart/php).
So firstly I load the client:
require __DIR__ . '/Google/vendor/autoload.php';
$client = new Google_Client();
$client->setAuthConfigFile(__DIR__ . '/client_secret.json');
$client->setAccessType('offline');
$client->setApprovalPrompt('force');
$client->setScopes(Google_Service_Gmail::MAIL_GOOGLE_COM);
$client->setRedirectUri('http://' . $_SERVER['HTTP_HOST'] . '/index.php');
Then if I load the credentials from the db stored using an user id from my app.
If the credentials ar not present I do the redirect as the documentation sais:
$client->setAccessType('offline');
$client->setApprovalPrompt('force');
$auth_url = $client->createAuthUrl();
header('Location: ' . filter_var($auth_url, FILTER_SANITIZE_URL));
After the authorization I get the access token using the code provided by google on my redirect url:
$token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
//storing the data in the db
header('Location: /index.php');
Of course if the token expires I do the refresh during the authentication process:
if($client->isAccessTokenExpired()) {
$refreshToken = $client->getRefreshToken();
$client->fetchAccessTokenWithRefreshToken($refreshToken);
$newToken = $client->getAccessToken();
$newToken['refresh_token'] = $refreshToken;
//store the new token
}
So after this I can access the email list of my user, and it works perfectly.
The problem is that if I log in with my account, I see the correct email, but after loggin in with another account with another user I see the same emails form both accounts.
So for example if I authorize for the user 1 the account smith#gmail.com, then for the user 2 the email seth#gmail.com, in both cases I will see the same emails (from smith#gmail.com).
I have checked if the problem is mine, so if the access token loaded are the same, but is not like that unfortunately, the access tokens are different.
The other crazy thing is that if I refresh a token for the second account (smith#gmail.com), I will see the correct emails, but now seth, will see the smith emails.
What is going on? what I miss?
UPDATE:
I've tried every step and the problem is the access token, I've tried it also in another server but both returns the same emails.
I've also tried to get the auth code with seth#gmail.com and the manually I've retrieved the access token:
$token = $client->fetchAccessTokenWithAuthCode($code);
but no way, also doing this it will keeps authenticating me as the other email.
UPDATE:
The thing is getting stranger, I have tried to remove all part of the config file, and I use it only when I have to retrieve the auth code.
So in the request I pass only the access token array, what happens is that I can see the emails also completely removing the access token, so basically the client looks empty at the moment of the request.
(
[auth:Google_Client:private] =>
[http:Google_Client:private] =>
[cache:Google_Client:private] =>
[token:Google_Client:private] => Array
(
[access_token] => no token what so eva
)
[config:Google_Client:private] => Array
(
[application_name] =>
[base_path] => https://www.googleapis.com
[client_id] =>
[client_secret] =>
[redirect_uri] =>
[state] =>
[developer_key] =>
[use_application_default_credentials] =>
[signing_key] =>
[signing_algorithm] =>
[subject] =>
[hd] =>
[prompt] =>
[openid.realm] =>
[include_granted_scopes] =>
[login_hint] =>
[request_visible_actions] =>
[access_type] => online
[approval_prompt] => auto
[retry] => Array
(
)
)
[logger:Google_Client:private] =>
[deferExecution:Google_Client:private] =>
[requestedScopes:protected] => Array
(
)
)
I solved this by updating the client library to the latest version.
Related
I am using a PHP library (https://github.com/djchen/oauth2-fitbit) to retreive a users Fitbit data via Oauth2. I am getting the data correctly but I am not sure how to grab a specific item from the multidimensional array response.
I am using code below but doesnt work
$response = $provider->getResponse($request);
var_dump($response['encodedId'][0]);
Full PHP code
$provider = new djchen\OAuth2\Client\Provider\Fitbit([
'clientId' => 'xxx',
'clientSecret' => 'xxx',
'redirectUri' => 'http://xxx-env.us-east-1.elasticbeanstalk.com/a/fitbitapi'
]);
// start the session
session_start();
// If we don't have an authorization code then get one
if (!isset($_GET['code'])) {
// Fetch the authorization URL from the provider; this returns the
// urlAuthorize option and generates and applies any necessary parameters
// (e.g. state).
$authorizationUrl = $provider->getAuthorizationUrl();
// Get the state generated for you and store it to the session.
$_SESSION['oauth2state'] = $provider->getState();
// Redirect the user to the authorization URL.
header('Location: ' . $authorizationUrl);
exit;
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
unset($_SESSION['oauth2state']);
exit('Invalid state');
} else {
try {
// Try to get an access token using the authorization code grant.
$accessToken = $provider->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
// We have an access token, which we may use in authenticated
// requests against the service provider's API.
echo $accessToken->getToken() . "\n";
echo $accessToken->getRefreshToken() . "\n";
echo $accessToken->getExpires() . "\n";
echo ($accessToken->hasExpired() ? 'expired' : 'not expired') . "\n";
// Using the access token, we may look up details about the
// resource owner.
$resourceOwner = $provider->getResourceOwner($accessToken);
var_export($resourceOwner->toArray());
// The provider provides a way to get an authenticated API request for
// the service, using the access token; it returns an object conforming
// to Psr\Http\Message\RequestInterface.
$request = $provider->getAuthenticatedRequest(
'GET',
'https://api.fitbit.com/1/user/-/profile.json',
$accessToken
);
// Make the authenticated API request and get the response.
$response = $provider->getResponse($request);
var_dump($response['encodedId'][0]);
Response data
eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0NjAzNzgxOTYsInNjb3BlcyI6InJ3ZWkgcnBybyByaHIgcmxvYyByc2xlIHJzZXQgcmFjdCByc29jIiwic3ViIjoiNEg4NU5WIiwiYXVkIjoiMjI3UUNXIiwiaXNzIjoiRml0Yml0IiwidHlwIjoiYWNjZXNzX3Rva2VuIiwiaWF0IjoxNDYwMzc0NTk2fQ.NN9OOx--3YLvwai0hl0ZRJ4MNWXlaMwcEJ_xxxxxb2382a930144c3a76e69567dcbf0d9834c574919fff8c268b378e635735f1bbf 1460378196 not expired array ( 'encodedId' => '4545NV', 'displayName'
=> 'dan', )...
I am using the same PHP library for FitBit API integration. The response you have pasted with the question is the data that is coming because of the following part of your code:
// requests against the service provider's API.
echo $accessToken->getToken() . "\n";
echo $accessToken->getRefreshToken() . "\n";
echo $accessToken->getExpires() . "\n";
echo ($accessToken->hasExpired() ? 'expired' : 'not expired') . "\n";
// Using the access token, we may look up details about the
// resource owner.
$resourceOwner = $provider->getResourceOwner($accessToken);
var_export($resourceOwner->toArray());
When you try to get the user profile from FitBit, you make the below request :
$request = $provider->getAuthenticatedRequest(
'GET',
'https://api.fitbit.com/1/user/-/profile.json',
$accessToken
);
// Make the authenticated API request and get the response.
$response = $provider->getResponse($request);
The $response comes in the below format and you can see there that "encodeId" is not the direct key there. Below is the example of var_dump($response); -
Array(
[user] => Array
(
[age] => 27
[avatar] => https://static0.fitbit.com/images/profile/defaultProfile_100_male.gif
[avatar150] => https://static0.fitbit.com/images/profile/defaultProfile_150_male.gif
[averageDailySteps] => 3165
[corporate] =>
[dateOfBirth] => 1991-04-02
[displayName] => Avtar
[distanceUnit] => METRIC
[encodedId] => 478ZBH
[features] => Array
(
[exerciseGoal] => 1
)
[foodsLocale] => en_GB
[fullName] => Avtar Gaur
[gender] => MALE
[glucoseUnit] => METRIC
[height] => 181
[heightUnit] => METRIC
[locale] => en_IN
[memberSince] => 2016-01-17
[offsetFromUTCMillis] => 19800000
[startDayOfWeek] => MONDAY
[strideLengthRunning] => 94.2
[strideLengthRunningType] => default
[strideLengthWalking] => 75.1
[strideLengthWalkingType] => default
[timezone] => Asia/Colombo
[topBadges] => Array
(
[0] => Array
(
)
[1] => Array
(
)
[2] => Array
(
)
)
[waterUnit] => METRIC
[waterUnitName] => ml
[weight] => 80
[weightUnit] => METRIC
)
)
In order to access anything in there you need to access it in this manner -
$encodedId = $response['user']['encodedId];
I hope this was helpful to you. You can ask more questions related to fitbit API as I have got it all working, including the Fitbit Subscriver API and Notifications.
I am trying to implement OAuth2 with Doctrine as an entity manager. I followed this tutorial exactly:
http://bshaffer.github.io/oauth2-server-php-docs/cookbook/doctrine2/
Here is my code that is called when a user makes a request to the API:
// obtaining the entity manager
$entityManager = EntityManager::create($conn, $config);
$clientStorage = $entityManager->getRepository('OAuthClient');
$clients = $clientStorage->findAll();
print_r($clients); // We are getting the clients from the database.
$userStorage = $entityManager->getRepository('OAuthUser');
$accessTokenStorage = $entityManager->getRepository('OAuthAccessToken');
$authorizationCodeStorage = $entityManager->getRepository('OAuthAuthorizationCode');
$refreshTokenStorage = $entityManager->getRepository('OAuthRefreshToken');
//Pass the doctrine storage objects to the OAuth2 server class
$server = new \OAuth2\Server([
'client_credentials' => $clientStorage,
'user_credentials' => $userStorage,
'access_token' => $accessTokenStorage,
'authorization_code' => $authorizationCodeStorage,
'refresh_token' => $refreshTokenStorage,
], [
'auth_code_lifetime' => 30,
'refresh_token_lifetime' => 30,
]);
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($clientStorage));
// handle the request
$server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
Whenever a call using the correct credentials is made, I get this response:
Array
(
[0] => OAuthClient Object
(
[id:OAuthClient:private] => 1
[client_identifier:OAuthClient:private] => testclient
[client_secret:OAuthClient:private] => testpass
[redirect_uri:OAuthClient:private] => http://fake.com
[hashOptions:protected] => Array
(
[cost] => 11
)
)
[1] => OAuthClient Object
(
[id:OAuthClient:private] => 2
[client_identifier:OAuthClient:private] => trevor
[client_secret:OAuthClient:private] => hutto
[redirect_uri:OAuthClient:private] => https://www.another.com
[hashOptions:protected] => Array
(
[cost] => 11
)
)
)
{"error":"invalid_client","error_description":"The client credentials are invalid"}
So we are getting the clients from the database, we should be checking them, and returning that they in fact exists and issuing an access token. However, for some reason, OAuth2 Server (can be seen here) can not match the given credentials with the stored credentials.
I do not think this is a Doctrine problem because I can retrieve the results fairly easily using findAll().
My question is:
Why is this happening, and how can I fix it?
I found the problem. In the tutorial (http://bshaffer.github.io/oauth2-server-php-docs/cookbook/doctrine2/) they fail to mention that when the client secret is checked with against a hashed version of the provided client secret.
In the tutorial they do not hash the example client secret when they put it in the database.
If you hash your client secret when inserting it into the database, it will work as expected.
Im trying to use push notification from Google Drive SDK for receive notification for all changes into an account, I follow the steps Registering domain, then creating notification channel and it works, I get this object Google_Service_Drive_Channel from google-api-php-client:
$client = new Google_Client();
$client->setApplicationName("APP_NAME");
$service = new Google_Service_Drive($client);
$key = file_get_contents('my_private_key_location.p12');
$cred = new Google_Auth_AssertionCredentials(
'email_address_from_the_client#developer.gserviceaccount.com',
array('https://www.googleapis.com/auth/drive'),
$key
);
$client->setAssertionCredentials($cred);
// Channel
$channel = new Google_Service_Drive_Channel();
$channel->setId(uniqid());
$channel->setAddress('https://my.custom.url');
$channel->setKind('api#channel');
$channel->setType('web_hook');
$test = $service->changes->watch($channel);
print_r($test);
// Response printing the result
Google_Service_Drive_Channel Object
(
[address] =>
[expiration] => 1407171497000
[id] => xxxxxxxxxxxxxxxxxx
[kind] => api#channel
[params] =>
[payload] =>
[resourceId] => xxxxxxxxxxxxxxxxxxxx
[resourceUri] => https://www.googleapis.com/drive/v2/changes?includeDeleted=true&includeSubscribed=true&maxResults=100&alt=json
[token] =>
[type] =>
[modelData:protected] => Array
(
)
[processed:protected] => Array
(
)
)
So, I go to the google drive account for move some file, but I still don't receive anything from the webhook inside the location specified "address" parameter.
I receive X-Goog-Resource-State = sync header just when the channel is created, but others events like (add, remove, trash, untrash, change, update) don't.
Any help, Thank's
I am guessing the Drive account you're editing isn't associated with that service account, as I don't see you using the sub parameter anywhere. Can you try it with web based OAuth 2.0 as a test so you can establish it is getting access to the same Drive account as the one you are modifying. Take a look at the Drive docs on Application accounts for more on this: https://developers.google.com/drive/web/service-accounts
This was the solution for my bug Delegate domain-wide authority to your service account
I have the follow code to login with Facebook:
// Include Facebook SDK
$this->facebook = new Facebook(array(
'appId' => 'APP ID',
'secret' => 'APP SECRET',
'cookie' => true
));
$uid = $this->facebook->getUser();
if($uid) {
try {
echo 'Done!';
} catch (FacebookApiException $e) {
echo $e;
error_log($e);
}
} else {
$loginUrl = $this->facebook->getLoginUrl(array(
'redirect_uri' => 'http://ogabrielsantos.com.br/dev/index.php?route=account/connect/facebook',
'scope' => 'user_birthday'
));
echo('<script>top.location.href = "' . $loginUrl . '";</script>');
}
UPDATE 1
I can authorize the App, but, after authorization, I can't get the logged user, EVER redirecting to
http://ogabrielsantos.com.br/dev/index.php?route=account%2Fconnect%2Ffacebook&state=RANDOM STATE&code=RANDOM CODE#_=_
I have tried:
Put the APP in a server;
Verify APP settings. All is correct;
Verify if url is the same at settings and code. All is ok;
My url is properly written: http://ogabrielsantos.com.br/dev/index.php?route=account/connect/facebook;
Reset APP SECRET.
Nothing worked.
You can check what happens going to:
http://ogabrielsantos.com.br/dev/index.php?route=account/connect/facebook
Facebook ask you to authorize the app to get your website, which is a safe information.
UPDATE 2
The follow code:
$this->facebook = new Facebook(array(
'appId' => $this->connect->config->get('facebook_api_key'),
'secret' => $this->connect->config->get('facebook_app_secret'),
'cookie' => true
));
$uid = $this->facebook->getUser();
echo'<pre>';
print_r($this->facebook);
echo'</pre>';
exit;
returns:
Facebook Object
(
[sharedSessionID:protected] =>
[appId:protected] => APP ID
[appSecret:protected] => APP SECRET
[user:protected] => 0
[signedRequest:protected] =>
[state:protected] =>
[accessToken:protected] => APP ID|APP SECRET
[fileUploadSupport:protected] =>
[trustForwarded:protected] =>
)
I think the accessToken is wrong, returning my APP ID and SECRET with a pipeline separator.
UPDATE 3:
Now, I verify the code, but, always get Fatal error: Uncaught OAuthException: Error validating verification code
if(isset($_GET['code'])) {
$api = $this->facebook->api('/oauth/access_token', array(
'client_id' => APP ID,
'redirect_uri' => 'http://ogabrielsantos.com.br/dev/index.php?route=account/connect/facebook',
'client_secret' => APP SECRET,
'code' => $_GET['code']
));
echo'<pre>';
var_dump($api);
print_r($this->facebook->getUser());
echo'</pre>';
exit;
}
I have read some questions, which is similar but can't help-me.
Are you working on localhost? if yes it probably is the reason why.
If not, check your app settings in developers.facebook.com/apps/APP_ID
1. You have to compare the urls written in your code with the ones you have in your app settings.
2. Another reason could be the that the urls in you app settings are not properly written, I remember having to add index.php at the end of my urls in Page Tab settings. Worked for me
3. Another option is to get a new APP_SECRET and update your code
These options are from my personal experience, you issue could also be something else but you lose nothing trying
The Facebook Sharing and Facebook Sign In functions are completely separate and each require their own app.
Are you using facebook sharing in the page you want the login working on?
Ref: http://www.ning.com/help/?p=8523
Hey everyone,
I am trying to get the session_key and secret for a facebook session (offline_access) in canvas application.
However, I am unable to get these two particular variables.
When, I am testing the same code locally, I can get the variables above (but this can be because the local app is not a canvas application)
I 'm using the following code, for redirect:
$facebook->getLoginUrl(array(
'canvas' => 1,
'fbconnect' => 0,
'req_perms' => 'user_status,publish_stream,offline_access'
));
Can someone suggest me on how I can grab the session_key and secret, when the user authorizes the application? (for permanent offline access)
Here is an example session dump via Facebook:
Array (
[uid] => 100000926583671
[session_key] =>
[expires] => 0
[secret] =>
[base_domain] =>
[access_token] => 183043495039366|3ab6ac2asdkhj1bcfdec13d7-100000926583671|jJQaIT-n80YxioAasdwN0cm99U
[sig] => 2f64sadasc1da31c12927a052752776
)
and this is the error:
Array (
[error] => Array (
[type] => OAuthException
[message] => An active access token must be used to query information about the current user.
)
)
session_key and secret are now deprecated, and Facebook wants you to use Oauth authentication schema. Then, you will have to use given access_token (that you correctly get in $session) to make your api calls.
Try:
$session = $facebook->getSession();
$me = $facebook->api('/100000926583671',
array('access_token' => $session['access_token'])
);
var_dump($me);
Ref:
http://developers.facebook.com/docs/authentication/