I'm developing an application which has two sides: mobile side(IOS) and server-side (PHP, Laravel 5.4). I'm using google's own class to generate the google token and send them over to server in json format.
My Json looks like this:
["name": "ali farhangmehr", "email": "ali.farhangmehr#gmail.com", "google_image_url": https://lh5.googleusercontent.com/-6KoifJgUUW0/AAAAAAAAAAI/AAAAAAAAA60/BbWD4fEDvHk/s100/photo.jpg, "googleToken": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjVlYTZiNzAzYjYzOTVmYzJlNWJkNmUzY2EwZjhiMzcxYTE0ODU5YjMifQ.eyJhenAiOiIyNTk3NjE1MTY5NjEtOXZ0Y3AyZnQ1dXZsaGJkdmxlM2lndDlsbDg3b3FwM2EuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyNTk3NjE1MTY5NjEtOXZ0Y3AyZnQ1dXZsaGJkdmxlM2lndDlsbDg3b3FwM2EuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDU4NzI5MzY5MDEzOTMwNjEyNTEiLCJlbWFpbCI6ImFsaS5mYXJoYW5nbWVockBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXRfaGFzaCI6IkN6S0htamlYOUhDM2JjaGZRTGJ3ZXciLCJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJpYXQiOjE1MDIwNDc4MjAsImV4cCI6MTUwMjA1MTQyMCwibmFtZSI6ImFsaSBmYXJoYW5nbWVociIsInBpY3R1cmUiOiJodHRwczovL2xoNS5nb29nbGV1c2VyY29udGVudC5jb20vLTZLb2lmSmdVVVcwL0FBQUFBQUFBQUFJL0FBQUFBQUFBQTYwL0JiV0Q0ZkVEdkhrL3M5Ni1jL3Bob3RvLmpwZyIsImdpdmVuX25hbWUiOiJhbGkiLCJmYW1pbHlfbmFtZSI6ImZhcmhhbmdtZWhyIiwibG9jYWxlIjoiZW4ifQ.fMbcS3axTumt1hW4_Fss3C3QfLc_Ohhqlj3XfRkDmXixOlnEAV-9GaxI-6IOl0bdh382rJd2Ign4Fjdw8dJ5kGNhMmci9sV-_G50FU3vNH60RptJ04QX7BGrfUOjCJIV5dARJqsCNwqVWItR1F5z-gz9WHA0YKAjMCTWMWSuF03O0yowqzPoajwBLk5VNGOk7Q9fRvKEG7tnTGkckCBSBwWa5KdYnQw-k1OGB9W7qjcQrCelPE8SPzR_GwhHNoAGTOpZXQQSoeDNad8JWbExGZ9MeBDRoaLfLIoV7NRrVaSEwc4wSmga-yqlqjhGaULcdUGOZOasbhDyl28ULEDK2w"]
There is no problem so far. Then I have to check if the Google token is valid so I can register the user or log in the email
This is the link to the Google's own documentation on this matter
https://developers.google.com/identity/sign-in/web/backend-auth
I followed everything and my PHP code looks like this:
$input = $request->all();
$google_token = $input['google_token'] = $request->input('googleToken');
$client_id = $CLIENT_ID; //from my google console
$client=new Google_Client(['client_id' => $client_id]);
$payload=$client->verifyIdToken($google_token);
$client->verifyIdToken($google_token);
if ($payload) {
// do the login or register
} else {
return false;
}
and every time I'm getting this error:
(1/1) SignatureInvalidException
Signature verification failed
in JWT.php (line 112)
this issue because of new JWT for firebase
just use old version on JWT it will work
composer require firebase/php-jwt:4.0
Related
I have an issue with Socialite authentication via Google. I have two separate apps: Laravel and React Native. For react native app I use #react-native-community/google-signin and after getting a token on the client I'm sending it to the Laravel app, where I pass this token into Socialite function: Socialite::driver('google')->userFromToken($token); . I get this error:
Client error: GET https://www.googleapis.com/oauth2/v3/userinfo?prettyPrint=false resulted in a 401 Unauthorized response:
{
"error": "invalid_request",
"error_description": "Invalid Credentials"
}
I've rechecked credentials 4 times and I'm sure they are right. I use the same client id as in react native app. What am I doing wrong?
Note: I am using ID token to authorise instead of auth token.
From my research on a similar issue - It looks like Google one tap doesn't work in the same way as oAuth does.
So, you'd have to fetch a user from the $token manually, using the google/apiclient package.
There's an example in Google docs (it's in the android-section, but these particular snippets refer to back-end part, so it should still do the trick)
composer require google/apiclient
// Get $id_token via HTTPS POST.
$client = new Google_Client(['client_id' => $CLIENT_ID]); // Specify the CLIENT_ID of the app that accesses the backend
$payload = $client->verifyIdToken($id_token);
if ($payload) {
$userid = $payload['sub'];
// If request specified a G Suite domain:
//$domain = $payload['hd'];
} else {
// Invalid ID token
}
You can find more info on this Google Docs Page
I am building a portal where multiple users can log in to their multiple Gmail accounts. I have successfully retrieved the token value, However, I want to store that in my database but I am unable to store it.
Below is the code I am using:
function mInititalize(){
$client = new Google_Client();
$client->addScope('https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/userinfo.email https://mail.google.com/');
$client->setClientId(Config('gmail.client_id'));
$client->setClientSecret(Config('gmail.client_secret'));
$client->setRedirectUri('http://localhost:81'.Config('gmail.redirect_url'));
$loginURL = $client->createAuthUrl();
return redirect($loginURL);
}
After Redirection or user login
function mGetToken(){
$token = $client->fetchAccessTokenWithAuthCode( 'code'); // here i get the 'code' from login URL
I pass this code to get token I successfully get token
$oAuth = new Google_Service_Oauth2( $client);
$userData = $oAuth->userinfo_v2_me->get(); // get current user detail
}
I want to store $token value in database, but I am getting error message
>Serialization of 'Closure' is not allowed
Please anyone help me to solve this issue. Thanks.
I would suggest storing OAuth credential information for the Google API, not in your database, but through the API itself. If you're intending to use it any authentication manner, you'll run into problems, as the docs state:
Access tokens periodically expire and become invalid credentials for a related API request. Google Identity Platform: Using OAuth 2.0 for Web Server Applications
But, the same docs also show a way that you can set or retrieve the token natively within the API. Since it's data relating to google's auth'ing process, and since it might go stale if you store it, it seems best to just let them handle it and work with the API. The same source:
If you need to apply an access token to a new Google_Client object—for example, if you stored the access token in a user session—use the setAccessToken method:
$client->setAccessToken($access_token);
$client->getAccessToken();
I have downloaded project from Try Sign-in for Android, created project on Google API Console. I have successfully configured signin project and run the application in the emulator. I pasted OAuth Web Client ID into strings.xml. Then opened this IdTokenActivity and got idToken.
I copied this token and created request using POSTMAN to my server http://localhost/api/googlesignin/hello
On server I have this code:
public function hello(Request $request)
{
$idToken = $request->get('idToken');
$client = new \Google_Client([
'client_id' => '[SAME CLIENT ID AS THE ONE IN STRINGS.XML]'
]);
$payload = $client->verifyIdToken($idToken);
var_dump($payload)
}
But this returns FALSE meaning it fails to verify $idToken.
But using endpoint token verification like this:
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={$idToken}
returns status code 200 and all information about this user.
I have no idea why GoogleClient fails to verify token? Am I using wrong Client ID?
EDIT:
I have found the source of the problem: I have accidentally pasted twice ClientID:
'client_id' => 'client-id-tokenclient-id-token'
-.-
I have made a request to google adwords and got a refresh token (without using GetRefreshToken.php from the php library). I have copied and pasted the refresh_token, developerToken, client_id and client_secret into the auth.ini file.
But when I run the following part:
$user = new AdWordsUser();
$campaignService = $user->GetService('CampaignService', 'v201603');
// Create selector.
$selector = new Selector();
$selector->fields = array('Id', 'Name');
$selector->ordering[] = new OrderBy('Name', 'ASCENDING');
// Create paging controls.
$selector->paging = new Paging(0, AdWordsConstants::RECOMMENDED_PAGE_SIZE);
// Make the get request.
$page = $campaignService->get($selector);
In return I get the following error:
OAuth2Exception in SimpleOAuth2Handler.php line 119:
{
"error" : "invalid_grant"
}
The library is: Library. And the SimpleOAuth2Handler.php is here: Oauth
Any ideas why?
Have you tried passing the values directly into the adwords constructor function to make sure they are valid or at least are you setting the customer account number ? . The refresh token is used to obtain an access token which is good for about an hour. Caching this would help performance as you would not need to fetch a new access token every request.
Try adding the following -
$user->SetClientCustomerId('set your account number here');
// also if you are sure your oAuth data is valid
$user->SetOAuth2Info('pass your oauth data')
I need to retrieve an auth token from an Android device (client side) using AccountManager.getAuthToken and then re-use it via Zend_Gdata (server side)
When using the calendar 'cl' authTokenType things work as expected,
Android source:
String calendarToken = getAuthToken(account, 'cl' ...
PHP source:
$token = // value retrieved via Android 'calendarToken'
$client = new Zend_Gdata_HttpClient;
$client->setClientLoginToken($token);
$gData = new Zend_Gdata($client);
$feed = $gData->getFeed("http://www.google.com/calendar/feeds/default/private/full");
This does work, however when using the Gmail 'mail' authTokenType things are not so smooth
Android source:
String mailToken = getAuthToken(account, 'mail' ...
PHP source:
$token = // value retrieved via Android 'mailToken'
$client = new Zend_Gdata_HttpClient;
$client->setClientLoginToken($token);
$gData = new Zend_Gdata($client);
$feed = $gData->getFeed("https://mail.google.com/mail/feed/atom/");
This keeps throwing a 'Zend_Gdata_App_HttpException' with message 'Expected response code 200, got 401.
I tried to follow guidelines for the various Google Data APIs with no luck
The only reason you should see a difference between AuthSub requests to two services is a scope issue. Review item number three in the AuthSub docs and check to make sure the token you're using has access to GMail.