1

I'm here:

https://developers.google.com/+/web/signin/server-side-flow

On steps 7 and 8 there is reference to the variable $request yet this variable is not initialized, therefore copying and pasting from their provided example doesn't work, I get 500 server error just with the first line from step 7 or step 8 alone, step 8 line using $request, never initialized from their example.

$code = $request->getContent();
lbennet
  • 1,083
  • 5
  • 14
  • 31

1 Answers1

2

The sample code you are looking at uses Twig which contains $request and $response values to simplify RESTful endpoints.

The following code does the equivalent code without the Twig dependencies:

<?php
require_once 'google-api-php-client/src/Google_Client.php';
require_once 'google-api-php-client/src/contrib/Google_PlusService.php';

  $client = new Google_Client();

  // CLIENT ID / Secret from https://code.google.com/apis/console
  $CLIENT_ID = 'YOUR_CLIENT_ID';
  $client->setClientId($CLIENT_ID);
  $client->setClientSecret('YOUR_CLIENT_SECRET');

  // CUSTOM redirect URI assuming code from JavaScript callback
  $client->setRedirectUri('postmessage');

  $plus = new Google_PlusService($client);

  // Code from the client (returned in signinCallback, or in token on Android)
  $code = file_get_contents('php://input');

  // Exchange the OAuth 2.0 authorization code for user credentials.
  $client->authenticate($code);
  $token = json_decode($client->getAccessToken());

  // Verify the token
  $reqUrl = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=' .
          $token->access_token;

  $req = new Google_HttpRequest($reqUrl);

  $tokenInfo = json_decode(
      $client::getIo()->authenticatedRequest($req)->getResponseBody());

  // If there was an error in the token info, abort.
  if ($tokenInfo->error) {
    print $tokenInfo->error;
  }
  // Make sure the token we got is for our app.
  if ($tokenInfo->audience != CLIENT_ID) {
    print "Token's client ID does not match app's.";
  }

  print 'Token from result: ' . print_r($token, true);
class
  • 8,621
  • 29
  • 30
  • Thanks for answer.It works but i get this error in console: `Notice: Undefined property: stdClass::$error in C:\wamp\www\test\signin\plus.php on line 35` with `Token's client ID does not match app's.Token from result: stdClass Object ( [access_token] => ya29.1.AADtN_UxepFP258zs1lCee2cUa35vH6eXnf8pt251LzqtmNuO1ZtdAiLY9ewaEo [token_type] => Bearer [expires_in] => 3594 [id_token] => long id here [created] => 1396165875 )`how i can handle error? how to `Create an anti-request forgery state token` for this ? doc here: https://developers.google.com/+/web/signin/server-side-flow – user2511140 Mar 30 '14 at 19:02
  • Take the access token from the failed response, run it against the TokenInfo endpoint: https://developers.google.com/apis-explorer/#p/oauth2/v2/oauth2.tokeninfo and verify that the client ID associated with your project's. If they don't you have a configuration error somewhere, search your code sources for the stray ID. – class Mar 31 '14 at 15:40
  • Thanks a lot @Class. How i can `Create an anti-request forgery state token` for php?(in this example) – user2511140 Mar 31 '14 at 18:45
  • @user2511140 This is best covered in a separate question [http://stackoverflow.com/questions/10466241/new-csrf-token-per-request-or-not] for more detail but you want to generate a string that you can later check. – class Apr 01 '14 at 17:50