2

My aim is it to write a php script that query all events from an existing google calendar of one specific google account.

The default scripts to do this works fine. At the moment it works so: Request my php script --> it recognizes that is has no $_GET['code'] parameter --> redirect the browser to google for login --> after login google redirects back to my php script --> and the query on the calendar can be done

But what i want to do now: is that my php script performs the login into this specific google account with the username and password. I have and my script shell retrieve the $_GET['code'] parameter without any user interaction.

I have already spent lots of hours researching and testing but i have not found any solution yet.

Is that even possible? If it is there a way to pass these login datails (username and password) within the request to google authendication to the two-step login form?

In this thread is an hint to use service-accounts: Fatal error: Class 'Google_Auth_AssertionCredentials' not found but i have not figured out how to do this.

Thanks in advance.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
SchließMuskelKater
  • 33
  • 6
  • _"Is that even possible?"_ - no, not really. This auth flow is _meant_ to be performed by an actual person. And you can rest assured, that they will try and put as much obstacles into your way as possible, if you _try_ to do this via scripting. – CBroe Jul 26 '22 at 12:20
  • A service account would be the way to go. https://cloud.google.com/docs/authentication/production – CBroe Jul 26 '22 at 12:20
  • @CBroe did the author mention they where using google workspace? If not then service accounts wont work. Clarification: the Oauth2 flow consent is meant to be preformed by an actual person. Oauth2 flow also allows for a refresh token to be used to request offline access and this part of the flow does not need to be preformed with the user present hence the term offline. – Linda Lawton - DaImTo Jul 26 '22 at 13:00
  • @CBroe and DaimTo - Thanks for your awnsers. With a subscription for a google worspace account i were finally able to manage it. My actual problem was that the whole time i dont wanted to see/accept that such a simple query is only possible with a payd account. I thought that this must be possible some way but i even experiencd that the API-key-authendication is forbidden in this case. Thanks for the clarification. – SchließMuskelKater Jul 27 '22 at 11:00

2 Answers2

1

Logging in to a google account using username and password i was called client login. Google shut this down in 2015.

This is no longer an option. If you want to access private user data you need to use Oauth2 and request authorization as you are doing currently.

service accounts

Note: to clarify @CBroe statement in comments.

Service accounts only work with google calendar if you are using a google workspace domain accounts. You would need to configure domain wide delegation and set up the service account to impersonate a user on the domain.

For standard Gmail user accounts service accounts are not possible with google calendar api.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
0

Finally i made it with a payd google workspace subscription.

At the moment i am not able to reconstruct all the steps but i can give a few hints and ressources that helped me.

Here is an official example for the usage of a service account: https://github.com/googleapis/google-api-php-client/blob/main/examples/service-account.php The templates/base.php file was not part of my composer installation so i had to deploy it myself. It also was necessary to adjust the path to my service-account-credentials-json-file.

Here is another thread about the same topic with some really good explanations: Inserting Google Calendar Entries with Service Account

And then only thing that was missing in my configuration: In the calendar settings i had to add the service accound id (with the @ in it) to grant access to this service account.

For better understanding of the backgrounds i also refer to the comments in this thread.

Another hint: In the google workspace account i had to validate my domain and recreate the project with its credentials and service account.

SchließMuskelKater
  • 33
  • 6