I'd like to use Google sign-in to authenticate posts to my PHP. On the webpage there is a Google sign-in button (which works) and then various functions post the id_token obtained from Google to my PHP:
function getAuth() {
var id_token = theUser.getAuthResponse().id_token;
var oReq = new XMLHttpRequest();
oReq.onload = function() {
console.log(this.responseText);
}
oReq.open("POST", "databaseAccess.php", true);
oReq.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
oReq.send("oc="+id_token);
}
on the server-side:
<?php
if (isset($_POST["oc"])) {
$code = $_POST["oc"];
$client_id = "xxxxxxxxxxx.apps.googleusercontent.com";
$redirect_uri = "http://myDomain/responder.html";
$client_secret = "xxxxxxxx";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://accounts.google.com/o/oauth2/v2/auth");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'response_type' => 'code',
'scope' => 'profile',
'client_id' => $client_id,
'redirect_uri' => $redirect_uri
));
$data = curl_exec($ch);
}
echo($data);
?>
But the result is "1", which I don't think I should be expecting.
From a SO question I also tried:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://accounts.google.com/o/oauth2/token");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'code' => $code,
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_uri,
'grant_type' => 'authorization_code'
));
$data = curl_exec($ch);
echo($data)
But this returns nothing: a stoney silence from Google. According to the docs I can also just do a more simple
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=XYZ123
so in the PHP file, I tried:
$data = http_build_query(array(
'id_token' => $code
));
echo("DATA: ".$data);
$context = stream_context_create(array(
'https' => array(
'method' => 'GET',
'header' => 'Content-Type: application/x-www-form-urlencoded',
'content' => $data
)
));
// Make POST request
$response = file_get_contents('https://www.googleapis.com/oauth2/v2/tokeninfo', false, $context);
echo("PHP OUT: ".$response);
With this I get the error:
either access_token, id_token, or token_handle required
Typing into a web browser:
https://www.googleapis.com/oauth2/v2/tokeninfo?id_token=xxx0Cc6
with a valid token I receive from the web page's javascript gives me an appropriate result:
{
"issued_to": "8jijijijijijihb.apps.googleusercontent.com",
"audience": "8jijijijijijij20hb.apps.googleusercontent.com",
"user_id": "1128jijijijijij38756",
"expires_in": 2412,
"email": "[email protected]",
"verified_email": true
}
Hopefully someone can tell me how, in my PHP I can receive a result just like this. Using the PHP beta api has also proved fruitless on my lowly server.
