Google API PHP Client Authorization
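【Title】: Google API PHP Client Authorization
【Posted】: 2020-09-23 03:50:36
【Question】: I'm having trouble authorizing some requests, and I'm getting a 401 "Invalid Credentials" error. The application flow is as follows. The user signs in to my website using the Google sign-in button. I'm using the offline access parameter and saving the refresh token in the session. After the user signs in, I'm trying to retrieve all of their playlists (public and private) from their YouTube account.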
$client->setScopes('https://www.googleapis.com/auth/youtube.readonly');
if (isset($_SESSION['googletoken']['refresh_token'])) {
    // Problem discussed in the answer: the refresh token is passed where an access token is expected.
    $client->setAccessToken($_SESSION['googletoken']['refresh_token']);
}
$tokenSessionKey = $client->prepareScopes();
$params = [
    'maxResults' => 1,
    'mine' => true
];
try {
    $queryParams = [
        'maxResults' => 1,
        'mine' => true
    ];
    $listResponse = $youtube->playlists->listPlaylists('snippet', $queryParams);
} catch (Exception $e) {
    // The catch block is not shown in the original post.
    throw $e;
}
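【Question comments】:
Why are you setting the access token with the refresh token? Set the access token with the access token.
【Answer 1】:
You are setting the access token with the refresh token; you should be using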
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
Oauthcallback.php
require_once __DIR__ . '/vendor/autoload.php';
require_once __DIR__ . '/Oauth2Authentication.php';
// Start a session to persist credentials.
session_start();
Oauth2Authentication.php
require_once __DIR__ . '/vendor/autoload.php';
/**
* Gets the Google client refreshing auth if needed.
* Documentation: https://developers.google.com/identity/protocols/OAuth2
* Initializes a client object.
* @return A google client object.
*/
function getGoogleClient()
{
    $client = getOauth2Client();
    // Refresh the token if it's expired.
    if ($client->isAccessTokenExpired()) {
        $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
        // $credentialsPath is never defined in this sample; the rest of the
        // code keeps tokens in the session, so the refreshed token goes there.
        $_SESSION['access_token'] = $client->getAccessToken();
    }
    return $client;
}
/**
* Builds the Google client object.
* Documentation: https://developers.google.com/identity/protocols/OAuth2
* Scopes will need to be changed depending upon the API's being accessed.
* Example: array(Google_Service_Analytics::ANALYTICS_READONLY, Google_Service_Analytics::ANALYTICS)
* List of Google Scopes: https://developers.google.com/identity/protocols/googlescopes
* @return A google client object.
*/
function buildClient()
{
    $client = new Google_Client();
    $client->setAccessType("offline"); // offline access. Will result in a refresh token
    $client->setIncludeGrantedScopes(true); // incremental auth
    $client->setAuthConfig(__DIR__ . '/client_secrets.json');
    // Replace with your own scopes; this is the scope used in the question.
    $client->addScope(['https://www.googleapis.com/auth/youtube.readonly']);
    $client->setRedirectUri(getRedirectUri());
    return $client;
}
/**
* Builds the redirect uri.
* Documentation: https://developers.google.com/api-client-library/python/auth/installed-app#choosingredirecturi
* Hostname and current server path are needed to redirect to oauth2callback.php
* @return A redirect uri.
*/
function getRedirectUri()
{
    // Building Redirect URI
    $url = $_SERVER['REQUEST_URI']; // path and query string of the current request
    if (strrpos($url, '?') > 0) {
        $url = substr($url, 0, strrpos($url, '?')); // Removing any parameters.
    }
    $folder = substr($url, 0, strrpos($url, '/')); // Removing current file.
    // HTTP_HOST is taken from the request's Host header; Google only accepts
    // redirect URIs that are registered for the OAuth client.
    return (isset($_SERVER['HTTPS']) ? "https" : "http") . '://' . $_SERVER['HTTP_HOST'] . $folder . '/oauth2callback.php';
}
/**
 * Authenticating to Google using Oauth2
 * Documentation: https://developers.google.com/identity/protocols/OAuth2
 * Returns a Google client with refresh token and access tokens set.
 * If not authenticated then we will redirect to request authentication.
 * @return A google client object.
 */
function getOauth2Client()
{
    try {
        $client = buildClient();
        // Set the refresh token on the client.
        if (isset($_SESSION['refresh_token']) && $_SESSION['refresh_token']) {
            $client->refreshToken($_SESSION['refresh_token']);
        }
        // If the user has already authorized this app then get an access token
        // else redirect to ask the user to authorize access to Google Analytics.
        if (isset($_SESSION['access_token']) && $_SESSION['access_token']) {
            // Set the access token on the client.
            $client->setAccessToken($_SESSION['access_token']);
            // Refresh the access token if it's expired.
            if ($client->isAccessTokenExpired()) {
                $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
                $client->setAccessToken($client->getAccessToken());
                $_SESSION['access_token'] = $client->getAccessToken();
            }
            return $client;
        } else {
            // We do not have access; request access.
            header('Location: ' . filter_var($client->getRedirectUri(), FILTER_SANITIZE_URL));
            exit; // stop here so nothing runs after the redirect
        }
    } catch (Exception $e) {
        print "An error occurred: " . $e->getMessage();
    }
}
// Handle authorization flow from the server.
if (! isset($_GET['code'])) {
    $client = buildClient();
    $auth_url = $client->createAuthUrl();
    header('Location: ' . filter_var($auth_url, FILTER_SANITIZE_URL));
    exit; // stop here so nothing runs after the redirect
} else {
    $client = buildClient();
    $client->authenticate($_GET['code']); // Exchange the authentication code for a refresh token and access token.
    // Add access token and refresh token to session.
    $_SESSION['access_token'] = $client->getAccessToken();
    $_SESSION['refresh_token'] = $client->getRefreshToken();
    // Redirect back to main script
    $redirect_uri = str_replace("oauth2callback.php", $_SESSION['mainScript'], $client->getRedirectUri());
    header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL));
    exit;
}
【Comments】:
I didn't have this in my code! Thank you so much!!! $client->setIncludeGrantedScopes(true); // incremental auth
Can anyone tell me what I need to put in place of __DIR__ ?????
@ekashking It's a magic constant, it's part of PHP, and it denotes the current directory ***.com/a/32537649/1841839 so it's the same as ../
Also, there is no VENDOR folder there anymore.
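The fix from the answer, carried through as one token-handling flow. This is an added example, not code from the original post or from the Google client library. It assumes `$_SESSION['googletoken']` holds the full token array returned by `fetchAccessTokenWithAuthCode()`; the helper name `loadAuthorizedClient` and the `/oauth2callback.php` path are hypothetical.

```php
<?php
require_once __DIR__ . '/vendor/autoload.php';
session_start();

// Hypothetical helper: returns a client with a valid access token,
// or null when the user has to go through the consent screen again.
function loadAuthorizedClient()
{
    $client = new Google_Client();
    $client->setAuthConfig(__DIR__ . '/client_secrets.json');
    $client->setScopes(['https://www.googleapis.com/auth/youtube.readonly']);
    $client->setAccessType('offline');

    $token = $_SESSION['googletoken'] ?? null;
    if (!is_array($token) || empty($token['access_token'])) {
        return null;
    }
    // The whole token array goes in here, never the refresh token string.
    $client->setAccessToken($token);

    if ($client->isAccessTokenExpired()) {
        $refreshToken = $client->getRefreshToken();
        if (!$refreshToken) {
            return null; // no offline grant was stored
        }
        $new = $client->fetchAccessTokenWithRefreshToken($refreshToken);
        if (isset($new['error'])) {
            // For example invalid_grant after the user revoked access.
            unset($_SESSION['googletoken']);
            return null;
        }
        // A refresh response may omit refresh_token; keep the stored one.
        $_SESSION['googletoken'] = array_merge(
            ['refresh_token' => $refreshToken],
            $client->getAccessToken()
        );
    }
    return $client;
}

$client = loadAuthorizedClient();
if ($client === null) {
    header('Location: /oauth2callback.php'); // assumed path of the consent script
    exit;
}
$youtube = new Google_Service_YouTube($client);
$playlists = $youtube->playlists->listPlaylists('snippet', ['mine' => true, 'maxResults' => 25]);
```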