使用javascript和php与谷歌认证用户

时间:2017-03-17 16:30:03

标签: javascript php oauth-2.0 google-oauth

我想使用Google登录来验证我的PHP帖子。在网页上有一个Google登录按钮(可以正常工作),然后各种功能将从Google获得的id_token发布到我的PHP:

function getAuth() {
            var id_token = theUser.getAuthResponse().id_token;
            var oReq = new XMLHttpRequest();
            oReq.onload = function() {
                console.log(this.responseText);
            }
            oReq.open("POST", "databaseAccess.php", true);
            oReq.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
            oReq.send("oc="+id_token);
        }

在服务器端:

<?php

if (isset($_POST["oc"])) {
    $code = $_POST["oc"];
    $client_id = "xxxxxxxxxxx.apps.googleusercontent.com";
    $redirect_uri = "http://myDomain/responder.html";
    $client_secret = "xxxxxxxx";

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://accounts.google.com/o/oauth2/v2/auth");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_FAILONERROR, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, array(
        'response_type' => 'code',
        'scope' => 'profile',
        'client_id' => $client_id,
        'redirect_uri' => $redirect_uri
    ));

    $data = curl_exec($ch);
}

echo($data);

?>

但结果是&#34; 1&#34;,我认为我不应该期待。

SO question我也尝试过:

    $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "https://accounts.google.com/o/oauth2/token");
        curl_setopt($ch, CURLOPT_POST, TRUE);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_FAILONERROR, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, array(
            'code' => $code,
            'client_id' => $client_id,
            'client_secret' => $client_secret,
            'redirect_uri' => $redirect_uri,
            'grant_type' => 'authorization_code'
        ));

        $data = curl_exec($ch);
echo($data)

但这没有任何回报:谷歌的沉默。根据{{​​3}},我也可以做一个更简单的

https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=XYZ123

所以在PHP文件中,我试过:

$data = http_build_query(array(
        'id_token' => $code
    ));
    echo("DATA: ".$data);

    $context = stream_context_create(array(
    'https' => array(
        'method' => 'GET',
        'header' => 'Content-Type: application/x-www-form-urlencoded',
        'content' => $data
    )
));

// Make POST request
    $response = file_get_contents('https://www.googleapis.com/oauth2/v2/tokeninfo', false, $context);
    echo("PHP OUT: ".$response);

有了这个,我得到了错误:

either access_token, id_token, or token_handle required

键入网络浏览器:

https://www.googleapis.com/oauth2/v2/tokeninfo?id_token=xxx0Cc6

我从网页上收到的有效令牌javascript给了我一个合适的结果:

{
 "issued_to": "8jijijijijijihb.apps.googleusercontent.com",
 "audience": "8jijijijijijij20hb.apps.googleusercontent.com",
 "user_id": "1128jijijijijij38756",
 "expires_in": 2412,
 "email": "me@googlemail.com",
 "verified_email": true
}

希望有人可以告诉我,在我的PHP中,我可以像这样收到一个结果。使用PHP beta api在我的服务器上也证明是徒劳的。

1 个答案:

答案 0 :(得分:0)

试试这个:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={$oc}");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);


$data = curl_exec($ch);
echo($data)
相关问题
最新问题