我正在开发一个只能从使用Google登录的公司VPN访问的站点,该站点正在运行。我正在添加从Google表格导入数据的功能。我已将所需的作用域添加到登录中:
function renderButton()
{
gapi.signin2.render('sign_in', {
'scope': 'profile email https://www.googleapis.com/auth/spreadsheets.readonly',
'width': 120,
'height': 36,
'longtitle': false,
'theme': 'dark',
'onsuccess': onSignIn,
//'onfailure': onFailure
});
}
OnSignIn将令牌存储为cookie:
function onSignIn(googleUser) {
// Useful data for your client-side scripts:
var profile = googleUser.getBasicProfile();
// The ID token you need to pass to your backend:
var id_token = googleUser.getAuthResponse().id_token;
setCookie("Google_ID", profile.getId());
setCookie('Full_Name', profile.getName());
setCookie('Given_Name', profile.getGivenName());
setCookie('Family_Name', profile.getFamilyName());
setCookie("Image_URL", profile.getImageUrl());
setCookie("Email", profile.getEmail());
setCookie("ID_Token", id_token);
doLogin();
}
在doLogin()中,我调用执行php客户端的php脚本(以及不包括的其他无关任务):
$.post(API, {action:'test_google_client'},
function(data, status)
{
console.log("Google result: " + data);
});
调用此使用谷歌php API的php函数:
function Test_Google_Client($dbh)
{
$token = $_COOKIE["ID_Token"];
print('Token Valid: ' . testGoogleToken($token) . '|||');
print('Token: ' . $token . '|||');
$client = getGoogleClient($token);
print('Created Client |||');
$sheets = new Google_Service_Sheets($client);
print('Created Spreadsheet |||');
$spreadsheetId = '<spreadsheet id>';
$range = 'A2:M';
$rows = $sheets->spreadsheets_values->get($spreadsheetId, $range, ['majorDimension' => 'ROWS']);
pre($rows);
}
function getGoogleClient($token)
{
$client = new Google_Client(['client_id' => Get_Client_ID(), 'client_secret' => Get_Client_Secrete()]); // Specify the CLIENT_ID of the app that accesses the backend
$client->setAccessToken($token);
$client->addScope(Google_Service_Sheets::SPREADSHEETS_READONLY);
//$client->setAccessType('offline');
return $client;
}
function testGoogleToken($token)
{
$client = new Google_Client(['client_id' => Get_Client_ID()]); // Specify the CLIENT_ID of the app that accesses the backend
$payload = $client->verifyIdToken($token);
//pre($client);
return $payload;
}
此功能输出的结果是:
Google结果:令牌有效:|||令牌:有效访问令牌 省略 |||创建的客户|||创建的电子表格|||
行
致命 错误:未捕获的Google_Service_Exception:{“错误”: { “代码”:401, “ message”:“请求具有无效的身份验证凭据。预期的OAuth 2访问令牌,登录cookie或其他 有效的身份验证凭证。看到 https://developers.google.com/identity/sign-in/web/devconsole-project." ;, “错误”:[ { “ message”:“无效的凭证”, “ domain”:“ global”, “ reason”:“ authError”, “ location”:“授权”, “ locationType”:“标题” } ], C:\ inetpub \ wwwroot \ Development \ php \ google \ src \ Google \ Http \ REST.php:118中的“ status”:“ UNAUTHENTICATED”}} 堆栈跟踪: 0 C:\ inetpub \ wwwroot \ Development \ php \ google \ src \ Google \ Http \ REST.php(94): Google_Http_REST :: decodeHttpResponse(Object(GuzzleHttp \ Psr7 \ Response), 对象(GuzzleHttp \ Psr7 \ Request),'Google_Service _...') 1 C:\ inetpub \ wwwroot \ Development \ php \ google \ src \ Google \ Task \ Runner.php(176): Google_Http_REST :: doExecute(Object(GuzzleHttp \ Client), 对象(GuzzleHttp \ Psr7 \ Request),'Google_Service _...') 2 C:在 C:\ inetpub \ wwwroot \ Development \ php \ google \ src \ Google \ Http \ REST.php 中 在 118
因此,从本质上讲,verifyIdToken返回的是空值,这意味着令牌无效,而电子表格给出了错误消息,指出该令牌无效。我缺少什么来正确验证和使用ID令牌?
编辑:查看了https://theonetechnologies.com/blog/post/how-to-get-google-app-client-id-and-client-secret上有关设置凭据的更多说明后,我得到了verifyIdToken()以返回正确的值。我还在开发人员控制台中添加了所需的库,并在控制台中为同意屏幕添加了必要的范围。对gsheets的调用仍然返回相同的错误。