Question

I'm trying to work with the PHP client of the Google OAuth2 API to validate an id_token. The id_token is provided by a JavaScript app in which the user logs in to his Google account, and I'm giving this token to my PHP API server in order to validate it and retrieve the right information from my database.

The login in JavaScript is successful and the access and id_token seem right, but when I try to verify it with Google_Client->verifyIdToken()

$client = new Google_Client();
$ticket = $client->verifyIdToken($myToken);

it returns an invalid token signature exception (it fails when trying to use the Google cert to validate the token).

My first assumption was that the token is not valid, so to make sure it is, I submitted it to the Google validation URL https://www.googleapis.com/oauth2/v1/tokeninfo?id_token=token

It returns user info, so my token seems to be valid:

{
issuer: "accounts.google.com",
issued_to: "id",
audience: "id",
user_id: "id",
expires_in: 2149,
issued_at: 1397636222,
email: "mail",
verified_email: true
}

I tried everything I can think of, but can't solve this one. Can someone help me?

EDIT: I pass it only the id_token which I get when I authenticate in my JavaScript app

access_token: "ya ... Es"
authuser: "1"
client_id: "81 ... .apps.googleusercontent.com"
code: "4/9... gI"
cookie_policy: "single_host_origin"
expires_at: "1397723048"
expires_in: "3600"
g-oauth-window: Window
g_user_cookie_policy: "single_host_origin"
hd: "dmic.fr"
id_token: "ey... d8E" <====================================
issued_at: "1397719448"
num_sessions: "2"
prompt: "none"
response_type: "code token id_token gsession"
scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/plus.me"
session_state: "9 ... 2162..936b"
state: ""
status: Object
token_type: "Bearer"

At some point I also tried to pass the whole access_token to $client->setAccessToken() and call $client->verifyIdToken() with no parameters (to extract the id_token from the access_token itself), with the same result.

All the code I use is already posted. I also tried to set the API key, client_id and client_secret, with no result.

Solution

I had a similar problem: I got an "Invalid token signature" error from oauth2client, but it worked with the tokeninfo API call.

In my case it was probably caused by the crypto lib used by oauth2client, as the problem disappeared when I replaced pycrypto 2.6 with pyopenssl 0.15.1. PyCrypto bug maybe?

EDIT: Yep, verified, it's a PyCrypto bug. It was closed 20 hours ago :D

https://github.com/google/oauth2client/issues/201

OTHER TIPS

The parameter you supply to the verifyIdToken function should be an object, not just a token string, but you might want to try a different approach.

Try passing the code property from the JavaScript object you posted above into the PHP Client's authenticate function. This should authenticate the user on the server side, and populate the PHP Client object's access token for you. You can then call verifyIdToken with no arguments. Something like this:

$client = new Google_Client();

// Set up client ID and secret
// ...

// Authenticate client with the code posted via JavaScript
$client->authenticate($code);

// Verify the id token
$verifiedToken = $client->verifyIdToken();

You may also need to update your Google API PHP library; I think they recently changed the format of the objects returned from these APIs.

If the idToken that you are passing to the function is from the log of your mobile/web app, it is likely that you are not getting the entire idToken printed in the log due to the limitations of the generic print function.

I used the code snippet below to print out the idToken and used that in the API, which gave me a success response.

print('ID TOKEN');
String token = googleAuth.idToken;
while (token.length > 0) {
    int initLength = (token.length >= 500 ? 500 : token.length);
    print(token.substring(0, initLength));
    int endLength = token.length;
    token = token.substring(initLength, endLength);
}

Note: The code snippet is specific to Flutter, but the logic can be reused in any framework.
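
Added example (not part of the question or the answers, and not code from the Google PHP client or oauth2client): the steps a local RS256 check of an id_token performs, written so that it reports why a token is rejected. This lets a token that was cut short in a log be told apart from a real signature mismatch. The names check_id_token and make_sample_token, the toy key and the client ids are assumptions made for the illustration; a production verifier uses Google's published certificates and also checks iss and exp.

```python
import base64, hashlib, json

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def emsa_pkcs1_v15(message, k):
    # Expected block: 00 01 FF..FF 00 || DigestInfo(SHA-256(message))
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def check_id_token(token, n, e, audience):
    """Return 'ok' or the reason local verification rejects the token."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed: expected 3 dot-separated segments"
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        sig = b64url_decode(parts[2])
        alg, aud = header.get("alg"), claims.get("aud")
    except (ValueError, AttributeError):
        return "malformed: bad base64url or JSON"
    if alg != "RS256":
        return "unsupported alg"
    k = (n.bit_length() + 7) // 8  # RSA modulus size in bytes
    if len(sig) != k:
        return "truncated: signature is %d bytes, key needs %d" % (len(sig), k)
    signed = (parts[0] + "." + parts[1]).encode()
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if recovered != emsa_pkcs1_v15(signed, k):
        return "invalid signature"
    if aud != audience:
        return "wrong audience"
    return "ok"

# Constructed toy key from two Mersenne primes: NOT secure, not a Google key
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def make_sample_token(claims):
    head = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    signed = head + "." + b64url_encode(json.dumps(claims).encode())
    em = int.from_bytes(emsa_pkcs1_v15(signed.encode(), 141), "big")
    return signed + "." + b64url_encode(pow(em, D, N).to_bytes(141, "big"))
```

Calling check_id_token(tok[:-20], N, E, "example-client-id") on a token built with make_sample_token returns the "truncated" reason, which is the situation the log-printing answer describes. The audience check is the part a successful tokeninfo response does not do for you: it only shows the token is valid for some client.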

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow