Using OAuth2 for Google APIs with PHP
I’ve written about Google and OAuth before, but that was OAuth v1.0, and they are introducing OAuth2 for their newer APIs; in this example I was identifying myself in order to use the Google Plus API (which turns out not to do anything you’d expect it to do, but that’s a whole separate blog post!).
OAuth 1 vs OAuth 2
OAuth 2 doesn’t need an extension or any particular library as it doesn’t have the signing component that OAuth 1 had, and OAuth 2 also has fewer round trips. It does require SSL, however, because the requests are otherwise sent in the clear.
As with pretty much everything, you first need to register for an API key; Google offers an APIs Console, which is where you’ll find and create all the details you need.
Use Identification
For a server-side application like this, we’ll use the authorization code grant flow of OAuth 2, which involves sending the user over to Google to log in and grant access to our application (note there is no request token requirement in OAuth 2). We send them with our API key and a callback URL – Google sends them back with a code. Here’s my code which forwards the user to request access:
    // Build the authorization request and send the user to Google
    $url = "https://accounts.google.com/o/oauth2/auth";
    $params = array(
        "response_type" => "code",
        "client_id" => "yourkey.apps.googleusercontent.com",
        "redirect_uri" => "https://localhost/oauth2callback.php",
        "scope" => "https://www.googleapis.com/auth/plus.me"
    );
    $request_to = $url . '?' . http_build_query($params);
    header("Location: " . $request_to);
    exit; // stop here so nothing else runs after the redirect
The user will be forwarded back to us at the URL we specified in the redirect_uri field, and when they arrive, they’ll have a code parameter on the URL which we need to grab. We then use this code to get the actual access token to use with the service. Here’s the code from my application which does this bit:
    if (isset($_GET['code'])) {
        // try to get an access token
        $code = $_GET['code'];
        $url = 'https://accounts.google.com/o/oauth2/token';
        $params = array(
            "code" => $code,
            "client_id" => "yourkey.apps.googleusercontent.com",
            "client_secret" => "YourSecret",
            "redirect_uri" => "https://localhost/oauth2callback.php",
            "grant_type" => "authorization_code"
        );
        // POST the code to the token endpoint using pecl_http's HttpRequest
        $request = new HttpRequest($url, HttpRequest::METH_POST);
        $request->setPostFields($params);
        $request->send();
        $responseObj = json_decode($request->getResponseBody());
        // an error response is also JSON, but carries no access_token
        if (isset($responseObj->access_token)) {
            echo "Access token: " . $responseObj->access_token;
        } else {
            echo "No access token in the response";
        }
    }
Note that this example uses functionality from the pecl_http extension.
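The two steps above combined into one callback script, as an added example that is not the author's code: it adds the OAuth 2 state parameter so the callback can be checked against the session that started the flow, and it uses PHP's cURL extension instead of pecl_http. The client id, secret and redirect URI are the article's placeholders, the session key names are assumptions, and PHP 7 or later is assumed for random_bytes().

```php
<?php
// Added example, not the article's code. Client id, secret and redirect URI are
// placeholders; the session key names are assumptions. Needs PHP 7+ and ext-curl.
session_start();
const CLIENT_ID     = 'yourkey.apps.googleusercontent.com';
const CLIENT_SECRET = 'YourSecret';
const REDIRECT_URI  = 'https://localhost/oauth2callback.php';
if (!isset($_GET['code'])) {
    // Step 1: tie the request to this session with an unguessable state value.
    $_SESSION['oauth2_state'] = bin2hex(random_bytes(16));
    $params = array(
        'response_type' => 'code',
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => REDIRECT_URI,
        'scope'         => 'https://www.googleapis.com/auth/plus.me',
        'state'         => $_SESSION['oauth2_state'],
    );
    header('Location: https://accounts.google.com/o/oauth2/auth?' . http_build_query($params));
    exit;
}
// Step 2: the state that comes back must match the one issued (single use).
$expected = isset($_SESSION['oauth2_state']) ? $_SESSION['oauth2_state'] : '';
unset($_SESSION['oauth2_state']);
$received = isset($_GET['state']) ? $_GET['state'] : '';
if ($expected === '' || !is_string($received) || !hash_equals($expected, $received)) {
    http_response_code(400);
    exit('Invalid state parameter');
}
// Exchange the code for a token; certificate and hostname checks stay on.
$ch = curl_init('https://accounts.google.com/o/oauth2/token');
curl_setopt_array($ch, array(
    CURLOPT_POSTFIELDS => http_build_query(array(
        'code'          => $_GET['code'],
        'client_id'     => CLIENT_ID,
        'client_secret' => CLIENT_SECRET,
        'redirect_uri'  => REDIRECT_URI,
        'grant_type'    => 'authorization_code',
    )),
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_SSL_VERIFYPEER => true, CURLOPT_SSL_VERIFYHOST => 2,
));
$body   = curl_exec($ch);
$status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$token  = is_string($body) ? json_decode($body) : null;
if ($status !== 200 || !isset($token->access_token)) {
    http_response_code(502);
    exit('Token exchange failed');
}
$_SESSION['access_token'] = $token->access_token; // kept server-side, not echoed
```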
Once we have the access token, we can use the API and Google will know who we are and which third party application is being used to access our data – which is what OAuth is for. The documentation for the Google Plus API is, as for all Google APIs, pretty good, and hopefully this helps you put the initial pieces together so you can get on to the interesting stuff!
Thank you very much, very helpful!
Perfect! I was finally able to get OAuth2 to work in my app with this tutorial.
Thanks so much – I was able to build a quick little test client that accessed my REST API. And I had never written *any* PHP code before finding this example – so your code was wonderfully clear and easy to understand.
If any of you has trouble using PECL http or just prefer using cURL, I have put an example in PHP of getting the access token AND refresh token: http://www.jamesattard.com/2013/04/generate-google-api-refresh-and-access.html
Thanks! Totally worked :) I had to ditch the pecl as I’m struggling to get pecl working on my new Mac. Any ideas there?
There’s been a new version of the pecl extension and I’ve not made friends with it! I use Guzzle for everything now; it’s a great tool and easy to use.
Thanks, this is great, really simplifies the authentication. Once I have the token, how do I get the email address or unique user ID that allows me to build access into my web application?
Thanks so much! This really helped!