通过Php(Laravel)验证Google ID令牌的完整性

时间:2017-08-06 20:00:22

标签: php laravel google-api-php-client

我正在开发一个有两个方面的应用程序:移动端(IOS)和服务器端(PHP,Laravel 5.4)。我正在使用谷歌自己的类来生成谷歌令牌,并以json格式将它们发送到服务器。

我的Json看起来像这样:

["name": "ali farhangmehr", "email": "ali.farhangmehr@gmail.com", "google_image_url": https://lh5.googleusercontent.com/-6KoifJgUUW0/AAAAAAAAAAI/AAAAAAAAA60/BbWD4fEDvHk/s100/photo.jpg, "googleToken": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjVlYTZiNzAzYjYzOTVmYzJlNWJkNmUzY2EwZjhiMzcxYTE0ODU5YjMifQ.eyJhenAiOiIyNTk3NjE1MTY5NjEtOXZ0Y3AyZnQ1dXZsaGJkdmxlM2lndDlsbDg3b3FwM2EuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyNTk3NjE1MTY5NjEtOXZ0Y3AyZnQ1dXZsaGJkdmxlM2lndDlsbDg3b3FwM2EuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDU4NzI5MzY5MDEzOTMwNjEyNTEiLCJlbWFpbCI6ImFsaS5mYXJoYW5nbWVockBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXRfaGFzaCI6IkN6S0htamlYOUhDM2JjaGZRTGJ3ZXciLCJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJpYXQiOjE1MDIwNDc4MjAsImV4cCI6MTUwMjA1MTQyMCwibmFtZSI6ImFsaSBmYXJoYW5nbWVociIsInBpY3R1cmUiOiJodHRwczovL2xoNS5nb29nbGV1c2VyY29udGVudC5jb20vLTZLb2lmSmdVVVcwL0FBQUFBQUFBQUFJL0FBQUFBQUFBQTYwL0JiV0Q0ZkVEdkhrL3M5Ni1jL3Bob3RvLmpwZyIsImdpdmVuX25hbWUiOiJhbGkiLCJmYW1pbHlfbmFtZSI6ImZhcmhhbmdtZWhyIiwibG9jYWxlIjoiZW4ifQ.fMbcS3axTumt1hW4_Fss3C3QfLc_Ohhqlj3XfRkDmXixOlnEAV-9GaxI-6IOl0bdh382rJd2Ign4Fjdw8dJ5kGNhMmci9sV-_G50FU3vNH60RptJ04QX7BGrfUOjCJIV5dARJqsCNwqVWItR1F5z-gz9WHA0YKAjMCTWMWSuF03O0yowqzPoajwBLk5VNGOk7Q9fRvKEG7tnTGkckCBSBwWa5KdYnQw-k1OGB9W7qjcQrCelPE8SPzR_GwhHNoAGTOpZXQQSoeDNad8JWbExGZ9MeBDRoaLfLIoV7NRrVaSEwc4wSmga-yqlqjhGaULcdUGOZOasbhDyl28ULEDK2w"]

到目前为止没有问题。然后我必须检查Google令牌是否有效,以便我可以注册用户或登录电子邮件 这是关于此问题的Google自己的文档的链接 https://developers.google.com/identity/sign-in/web/backend-auth

我遵循了所有内容,我的PHP代码如下所示:

$input = $request->all();
$google_token = $input['google_token'] = $request->input('googleToken');

$client_id = $CLIENT_ID; //from my google console
$client=new Google_Client(['client_id' => $client_id]);
$payload=$client->verifyIdToken($google_token);
$client->verifyIdToken($google_token);
if ($payload) {
 // do the login or register
} else {
  return false;
}

每次我收到此错误:

(1/1) SignatureInvalidException
Signature verification failed
in JWT.php (line 112)

Error msg

1 个答案:

答案 0 :(得分:0)

这个问题是因为新的JWT for firebase 只需在JWT上使用旧版本即可使用

composer require firebase/php-jwt:4.0