I have next code for google auth
use Google\Spreadsheet\DefaultServiceRequest;
use Google\Spreadsheet\ServiceRequestFactory;
require './vendor/autoload.php';
$application_name = '*****';
$client_secret = '**********';
$client_id = '**********.apps.googleusercontent.com';
$scope = array('https://spreadsheets.google.com/feeds');
$key = file_get_contents(__DIR__.'/the_key.txt');
$client = new Google_Client();
$client->setApplicationName($application_name);
$client->setClientId($client_id);
$client->setAccessType('offline');
$client->setAccessToken($key);
$client->setScopes($scope);
$client->setApprovalPrompt('force');
$client->setClientSecret($client_secret);
if ($client->getAccessToken()) {
if($client->isAccessTokenExpired()) {
$newToken = json_encode($client->getAccessToken());
$token = $client->getAccessToken();
$client->refreshToken($token['refresh_token']);
json_encode($client->getAccessToken()));
}
$key = json_decode(file_get_contents(__DIR__.'/the_key.txt'));
First time fillin file via oauthcallback via browser, and it works ok, i got refresh token and all works ok.
But when token expires as you see in code i request new via refresh_token, but in result i didn't get new refresh_token.
Also i forced acces type to offline, and approval prompt to force in Client.php of google-oauth-client(because even if i set it via paramaters it didn't worked).
My script must be executed via cron. So i can't each time receive token manually. Can you help me with this?
Related
I implemented Google OAuth2 for user login on my website.
It works but after 1 hour token expires and login fails.
I read on the web that I need to get the Refresh Token (for Facebook Login I used a Long Lived Token), but code I tried doesn't work.
Here the code:
//LOGIN CALLBACK FROM GOOGLE
$gClient = new Google_Client();
$gClient->setApplicationName(SITE_TITLE);
$gClient->setClientId(get_option('google_api_id')->value);
$gClient->setClientSecret(get_option('google_api_secret')->value);
$gClient->addScope('profile');
$gClient->addScope('email');
$gClient->setRedirectUri(SITE_URL."/login/google/google-callback.php");
if(isset($_GET['code'])) {
$gClient->setAccessType('offline');
$token = $gClient->fetchAccessTokenWithAuthCode($_GET['code']);
$gClient->setAccessToken($token['access_token']);
$_SESSION['google_access_token'] = $token['access_token'];
}
if($gClient->getAccessToken()) {
// Get user profile data from google
$google_oauthV2 = new Google_Service_Oauth2($gClient);
$gpUserProfile = $google_oauthV2->userinfo->get();
}
...
This first snippet works fine.
In this second snipped, when user change page, I verify if login is still active:
$gClient = new Google_Client();
$gClient->setApplicationName(SITE_TITLE);
$gClient->setClientId(get_option('google_api_id')->value);
$gClient->setClientSecret(get_option('google_api_secret')->value);
$gClient->addScope('profile');
$gClient->addScope('email');
$gClient->setAccessType('offline');
$gClient->setAccessToken($_SESSION['google_access_token']);
if($gClient->getAccessToken()) {
if ($gClient->isAccessTokenExpired()) {
$gClient->fetchAccessTokenWithRefreshToken($gClient->getRefreshToken());
}
$google_oauthV2 = new Google_Service_Oauth2($gClient);
$gpUserProfile = $google_oauthV2->userinfo->get();
...
}
This second snipped doesn't work, because method fetchAccessTokenWithRefreshToken($gClient->getRefreshToken()) fails because $gClient->getRefreshToken() is NULL.
I debugged the callback and I saw that $token = $gClient->fetchAccessTokenWithAuthCode returns an array without "refresh_token" field.
Can anyone help me?
Thanks
Bye
I have a Wordpress site (running PHP) that needs to display its own analytics data to visitors using the google-api. I want to create the charts in Javascript, so I need to fetch an auth token from the PHP code and then pass that to the Javascript code. I can't figure out how to get the auth token.
So far, I have code similar to this working using my service account:
https://github.com/google/google-api-php-client/blob/master/examples/service-account.php
My code:
$client = new Google_Client();
$client->setAuthConfig($credentialsFilePath);
$client->addScope('https://www.googleapis.com/auth/analytics.readonly');
$client->setApplicationName("GoogleAnalytics");
$analytics = new Google_Service_Analytics($client);
$ga = $analytics->data_ga;
$start = date('Y-m-d', strtotime('-7 days'));
$end = date('Y-m-d');
$views = $ga->get('ga:'.$myAnalyticsId,
$start,
$end,
'ga:pageviews,ga:sessions,ga:newUsers',
array(
'dimensions' => 'ga:date',
'sort' => 'ga:date'
));
This all works, and I'm able to connect to Google_Service_Analytics and fetch analytics data. However, I can't figure out how to fetch a service access token using my credentials, that I can hand off to the Javascript code so I can use the Google Analytics API from Javascript.
This doesn't work:
$token = $client->getAccessToken();
Token just ends up being null. What do I need to do to fetch a token?
Here is the working code for me.
The service account has a different type of process for generating access token.
It is not following oauth client api.
//include_once 'vendor/autoload.php';
$credentialsFilePath = 'test.json';
$client = new Google_Client();
$client->setAuthConfig($credentialsFilePath);
$client->addScope('https://www.googleapis.com/auth/analytics.readonly');
$client->setApplicationName("GoogleAnalytics");
$client->refreshTokenWithAssertion();
$token = $client->getAccessToken();
print_r($token);
$accessToken = $token['access_token'];
Figured this out:
$client->refreshTokenWithAssertion();
$token = $client->getAccessToken();
$accessToken = $token['access_token'];
First answer still works in 2021 (Thanks!), but a used function is deprecated (still available though)
This worked for me
public function getToken() {
$client = new Client(); // use Google\Client;
$client->setAuthConfig('securejsonfile.json');
$client->addScope('https://www.googleapis.com/auth/cloud-platform');
$client->setApplicationName('appname');
$client->fetchAccessTokenWithAssertion();
return $client->getAccessToken(); //array
}
For credentials, I have created an developer account on https://console.developers.google.com, I have created a project and then i have created credentials from API Manager. I use "google/apiclient": "1.1.*" package. I think it is a problem with credentials.
$OAUTH2_CLIENT_ID = 'XXXXX-rvm1l9b1nvht9je1ic0bbe05ab5gvhbg.apps.googleusercontent.com';
$OAUTH2_CLIENT_SECRET = 'XXXXXXP90L_DLD3Nrc_rT4zGD';
$client = new Google_Client();
$client->setClientId($OAUTH2_CLIENT_ID);
$client->setClientSecret($OAUTH2_CLIENT_SECRET);
$client->setScopes('https://www.googleapis.com/auth/youtube');
$redirect = url('/');
$client->setRedirectUri($redirect);
$token = $client->getAccessToken();
dd($token);
Tip:
Don't use:
$client->authenticate($authcode);
$token = $client->getAccessToken();
Use:
$token = $client->fetchAccessTokenWithAuthCode($authcode);
This will at least allow you to see the error message if you dump $token.
In the 'Don't use:' example, if the authenticate() step fails, getAccessToken() may return null. Bad job on the API here.
I think the problem is you're not making the request to Google to authenticate and get back the token. You should do:
$client = new Google_Client();
$client->setClientId($OAUTH2_CLIENT_ID);
$client->setClientSecret($OAUTH2_CLIENT_SECRET);
$client->setScopes('https://www.googleapis.com/auth/youtube');
$redirect = url('/');
$client->setRedirectUri($redirect);
//redirect to google server to get the token
return Redirect::to( $client->createAuthUrl() );
If the authentication succeeds, google will redirect you to the page you set with $client->setRedirectUri($redirect).
In that page you can:
//authenticate using the parameter $_GET['code'] you got from google server
$client->authenticate( $request->input('code') );
//get the access token
$tokens = $client->getAccessToken();
i am in the situation that i have to use the zend framework along with oauth 2 for gmail.
all works fine and i get the messages and login just fine, my problem is that the token expire too fast.
am i able to set it so it will never expire or how should i implement a refresh token to the framework ? i use standard code when it comes to login.
what i basically need is an access-token that does not expire or a guide for how to implement a refresh token and how to use it in a program.
any help is appreciated.
thank you.
this is the login page.
include("../classes/Google/Client.php");
$client_id = "hidden";
$client_secret = "hidden";
$redirect_uri = "hidden";
$client = new Google_Client();
$client->setClientId($client_id);
$client->setClientSecret($client_secret);
$client->setRedirectUri($redirect_uri);
$client->addScope("https://www.googleapis.com/auth/userinfo.email");
$client->addScope("https://www.googleapis.com/auth/userinfo.profile");
$client->addScope("https://mail.google.com/");
$client->setRedirectUri($redirect_uri);
$authUrl = $client->createAuthUrl();
echo "Login";
this is the callback
$client_id = "hidden";
$client_secret = "hidden";
$redirect_uri = "hidden";
$client = new Google_Client();
$client->setClientId($client_id);
$client->setClientSecret($client_secret);
$client->setRedirectUri($redirect_uri);
session_start();
if (isset($_GET['code'])) {
$client->authenticate($_GET['code']);
$_SESSION['access_token'] = $client->getAccessToken();
$oauth2 = new Google_Service_Oauth2($client);
$user = $oauth2->userinfo->get();
$_SESSION['email'] = $user;
$redirect = 'hidden';
header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
}
i know the code is not great, but i wonder if i should get a refresh token along with the access token ?
if someone are interested i have done like this to fix it... now it works like it should.
this method is called every time i need to do something with the mails (if the access token is not valid then you will not have access, so this is to make sure access is always there.)
public function checktokenexpiry()
{
global $google_client; // this is global as we use it in our webservice.
session_start();
$time_created = json_decode($_SESSION['access_token']);
$t=time();
$timediff=$t-$time_created->created;
if($timediff>3500) // 3500 as i want to have a little time to connect if it is just about to need refreshing.
{
$user = json_decode($_COOKIE['user']);
$usermail = $user->email;
$refreshtoken = $this->model->getRefreshToken($usermail);
$refreshtoken = $refreshtoken[0]['google_refresh_token'];
$google_client->refreshToken($refreshtoken);
$_SESSION['access_token'] = $google_client->getAccessToken();
}
}
I followed the tutorial on the google drive, it says that to persist the authentication/access token we have to use refresh token, so that we don't have to ask user to authenticate/authorize every time we make an API call.
Code:
require_once 'google-api-php-client/src/Google_Client.php';
require_once 'google-api-php-client/src/contrib/Google_DriveService.php';
$client = new Google_Client();
// Get your credentials from the console
$client->setClientId('client ID');
$client->setClientSecret('client secret');
$client->setRedirectUri('URL');
$client->setScopes(array('https://www.googleapis.com/auth/drive'));
$client->setAccessType('offline');
$service = new Google_DriveService($client);
$authUrl = $client->createAuthUrl();
// Exchange authorization code for access token
$accessToken = $client->authenticate();
$client->setAccessToken($accessToken);
$files = $service->files->listFiles();
echo "<pre>"; print_r($files);
This gives me the list of files and folders, but every time I refresh the page it takes me back to google authorization page. I can save the access token in database but how to use that and make API calls without again asking authorization from the user??
Any thoughts??
Thanks,
Aniket
Probably, it's better to use Server to Server authentication by using P12 key:
https://developers.google.com/api-client-library/php/auth/service-accounts
You can impersonate a user account and all files will be accessible by your server.
$client_email = '1234567890- a1b2c3d4e5f6g7h8i#developer.gserviceaccount.com';
$private_key = file_get_contents('MyProject.p12');
$user_to_impersonate = 'user#example.org';
$private_key = file_get_contents($pkey); //notasecret
$scopes = array('https://www.googleapis.com/auth/drive');
$credentials = new \Google_Auth_AssertionCredentials(
$client_email,
$scopes,
$private_key,
'notasecret', // Default P12 password
'http://oauth.net/grant_type/jwt/1.0/bearer', // Default grant type
$user_to_impersonate
);
$client = new \Google_Client();
$client->setAssertionCredentials($credentials);
if ($client->getAuth()->isAccessTokenExpired()) {
$client->getAuth()->refreshTokenWithAssertion();
}
$service = new \Google_Service_Drive($client);
$files = $service->files->listFiles();
echo "count files=".count($files)."<br>";
foreach( $files as $item ) {
echo "title=".$item['title']."<br>";
}
This will give you all files listed in your Google Drive without any client user interaction.