Google 身份工具包 API PHP returns INVALID_CLIENT
Google Identity Toolkit API for PHP returns INVALID_CLIENT
我正在尝试让 Google Identity Toolkit API 为基于 PHP 的应用程序工作。
我一直在关注 Google 中的快速入门指南,此处提供:
https://developers.google.com/identity/toolkit/web/quickstart/php
我已经完全按照步骤进行了(并反复检查)。
登录按钮显示在 index.php 页面上。单击此重定向到 widget.php 页面。我可以 select 我想用哪个帐户登录,然后当返回成功登录页面时(再次 index.php )我收到以下错误消息:
Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Error refreshing the OAuth2 token, message: '{ "error" :
"invalid_client", "error_description" : "The OAuth client was
invalid." }'
我尝试在 Google 开发人员控制台中重新创建 OAuth 客户端。提到检查电子邮件和项目名称字段的一些搜索结果已在 OAuth 同意屏幕上完成,所有这些我都完成了。
如有任何帮助和建议,我们将不胜感激。
注意:我只使用身份工具包 API 设置下的可用提供程序中的 "Google"。
我的 index.php 页面:
<!DOCTYPE html>
<html>
<head>
<!-- 1: Load the Google Identity Toolkit helpers -->
<?php
set_include_path(get_include_path() . PATH_SEPARATOR . __DIR__ .'/vendor/google/apiclient/src');
require_once __DIR__ . '/vendor/autoload.php';
$gitkitClient = Gitkit_Client::createFromFile(dirname(__FILE__) . '/gitkit-server-config.json');
$gitkitUser = $gitkitClient->getUserInRequest();
?>
<!-- End modification 1 -->
<script type="text/javascript" src="//www.gstatic.com/authtoolkit/js/gitkit.js"></script>
<link type=text/css rel=stylesheet href="//www.gstatic.com/authtoolkit/css/gitkit.css" />
<script type=text/javascript>
window.google.identitytoolkit.signInButton(
'#navbar',
{
widgetUrl: "/gitkit",
signOutUrl: "/index"
}
);
</script>
</head>
<body>
<div id="navbar"></div>
<!-- 2: Print the user information if a signed in user is present -->
<p>
<?php if ($gitkitUser) { ?>
Welcome back!<br><br>
Email: <?= $gitkitUser->getEmail() ?><br>
Id: <?= $gitkitUser->getUserId() ?><br>
Name: <?= $gitkitUser->getDisplayName() ?><br>
Identity provider: <?= $gitkitUser->getProviderId() ?><br>
<?php } else { ?>
You are not logged in yet.
<?php } ?>
</p>
<!-- End modification 2 -->
</body>
</html>
我的 gitkit.php 页面:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<!-- Copy and paste here the client configuration from Developer Console into the config variable -->
<script type="text/javascript" src="//www.gstatic.com/authtoolkit/js/gitkit.js"></script>
<link type="text/css" rel="stylesheet" href="//www.gstatic.com/authtoolkit/css/gitkit.css" />
<script type="text/javascript">
var config =
{
"widgetUrl": "http://local.myfakedomain.com/gitkit",
"signInSuccessUrl": "/",
"signOutUrl": "/",
"oobActionUrl": "/",
"apiKey": "<my-api-key-here>",
"siteName": "this site",
"signInOptions": ["password","google"]
}
;
// The HTTP POST body should be escaped by the server to prevent XSS
window.google.identitytoolkit.start(
'#gitkitWidgetDiv', // accepts any CSS selector
config,
JSON.parse('<?php echo json_encode(file_get_contents("php://input")); ?>')
);
</script>
<!-- End modification -->
</head>
<body>
<!-- Include the sign in page widget with the matching 'gitkitWidgetDiv' id -->
<div id="gitkitWidgetDiv"></div>
<!-- End identity toolkit widget -->
</body>
</html>
我的 gitkit-server-config.json 文件:
{
"clientId": "<my-client-id-here>",
"projectId": "<my-project-id-here>",
"serviceAccountEmail": "<my-serviceAccountEmail-here>",
"serviceAccountPrivateKeyFile": "<my-p12-KeyFile-location-here>",
"widgetUrl": "http://local.myfakedomain.com/gitkit",
"cookieName": "gtoken"
}
在您的 gitkit-server-config.json 文件中,serviceAccountEmail 不应为空。您可以从 Google Developers Console 项目设置页面复制服务帐户电子邮件。
以及服务帐户电子邮件(类似于 "app-example-com@appname.example.com.iam.gserviceaccount.com",项目 ID 导致我出现问题。
我找到的解决方案是如果google说你的projectId是"example.com:appname",把它改成"appname"
我遇到了同样的问题,我通过在服务器配置代码中插入 "correct" 服务帐户电子邮件解决了这个问题:
{
"clientId": "<my-client-id-here>",
"projectId": "<my-project-id-here>",
"serviceAccountEmail": "<Correct-serviceAccountEmail-here>",
"serviceAccountPrivateKeyFile": "<my-p12-KeyFile-location-here>",
"widgetUrl": "http://local.myfakedomain.com/gitkit",
"cookieName": "gtoken"
}
诀窍是 serviceAccountEmail 不是您的 google 电子邮件,要找到正确的电子邮件,请转到 Credentials 然后在下面服务帐户密钥单击右侧的管理服务帐户 link,转到正在使用的服务并记下电子邮件字段。电子邮件很长,格式类似于 service-name@project-name.xxx.xxxxxxxxx.xxx
我正在尝试让 Google Identity Toolkit API 为基于 PHP 的应用程序工作。
我一直在关注 Google 中的快速入门指南,此处提供: https://developers.google.com/identity/toolkit/web/quickstart/php
我已经完全按照步骤进行了(并反复检查)。
登录按钮显示在 index.php 页面上。单击此重定向到 widget.php 页面。我可以 select 我想用哪个帐户登录,然后当返回成功登录页面时(再次 index.php )我收到以下错误消息:
Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Error refreshing the OAuth2 token, message: '{ "error" : "invalid_client", "error_description" : "The OAuth client was invalid." }'
我尝试在 Google 开发人员控制台中重新创建 OAuth 客户端。提到检查电子邮件和项目名称字段的一些搜索结果已在 OAuth 同意屏幕上完成,所有这些我都完成了。
如有任何帮助和建议,我们将不胜感激。 注意:我只使用身份工具包 API 设置下的可用提供程序中的 "Google"。
我的 index.php 页面:
<!DOCTYPE html>
<html>
<head>
<!-- 1: Load the Google Identity Toolkit helpers -->
<?php
set_include_path(get_include_path() . PATH_SEPARATOR . __DIR__ .'/vendor/google/apiclient/src');
require_once __DIR__ . '/vendor/autoload.php';
$gitkitClient = Gitkit_Client::createFromFile(dirname(__FILE__) . '/gitkit-server-config.json');
$gitkitUser = $gitkitClient->getUserInRequest();
?>
<!-- End modification 1 -->
<script type="text/javascript" src="//www.gstatic.com/authtoolkit/js/gitkit.js"></script>
<link type=text/css rel=stylesheet href="//www.gstatic.com/authtoolkit/css/gitkit.css" />
<script type=text/javascript>
window.google.identitytoolkit.signInButton(
'#navbar',
{
widgetUrl: "/gitkit",
signOutUrl: "/index"
}
);
</script>
</head>
<body>
<div id="navbar"></div>
<!-- 2: Print the user information if a signed in user is present -->
<p>
<?php if ($gitkitUser) { ?>
Welcome back!<br><br>
Email: <?= $gitkitUser->getEmail() ?><br>
Id: <?= $gitkitUser->getUserId() ?><br>
Name: <?= $gitkitUser->getDisplayName() ?><br>
Identity provider: <?= $gitkitUser->getProviderId() ?><br>
<?php } else { ?>
You are not logged in yet.
<?php } ?>
</p>
<!-- End modification 2 -->
</body>
</html>
我的 gitkit.php 页面:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<!-- Copy and paste here the client configuration from Developer Console into the config variable -->
<script type="text/javascript" src="//www.gstatic.com/authtoolkit/js/gitkit.js"></script>
<link type="text/css" rel="stylesheet" href="//www.gstatic.com/authtoolkit/css/gitkit.css" />
<script type="text/javascript">
var config =
{
"widgetUrl": "http://local.myfakedomain.com/gitkit",
"signInSuccessUrl": "/",
"signOutUrl": "/",
"oobActionUrl": "/",
"apiKey": "<my-api-key-here>",
"siteName": "this site",
"signInOptions": ["password","google"]
}
;
// The HTTP POST body should be escaped by the server to prevent XSS
window.google.identitytoolkit.start(
'#gitkitWidgetDiv', // accepts any CSS selector
config,
JSON.parse('<?php echo json_encode(file_get_contents("php://input")); ?>')
);
</script>
<!-- End modification -->
</head>
<body>
<!-- Include the sign in page widget with the matching 'gitkitWidgetDiv' id -->
<div id="gitkitWidgetDiv"></div>
<!-- End identity toolkit widget -->
</body>
</html>
我的 gitkit-server-config.json 文件:
{
"clientId": "<my-client-id-here>",
"projectId": "<my-project-id-here>",
"serviceAccountEmail": "<my-serviceAccountEmail-here>",
"serviceAccountPrivateKeyFile": "<my-p12-KeyFile-location-here>",
"widgetUrl": "http://local.myfakedomain.com/gitkit",
"cookieName": "gtoken"
}
在您的 gitkit-server-config.json 文件中,serviceAccountEmail 不应为空。您可以从 Google Developers Console 项目设置页面复制服务帐户电子邮件。
以及服务帐户电子邮件(类似于 "app-example-com@appname.example.com.iam.gserviceaccount.com",项目 ID 导致我出现问题。
我找到的解决方案是如果google说你的projectId是"example.com:appname",把它改成"appname"
我遇到了同样的问题,我通过在服务器配置代码中插入 "correct" 服务帐户电子邮件解决了这个问题:
{
"clientId": "<my-client-id-here>",
"projectId": "<my-project-id-here>",
"serviceAccountEmail": "<Correct-serviceAccountEmail-here>",
"serviceAccountPrivateKeyFile": "<my-p12-KeyFile-location-here>",
"widgetUrl": "http://local.myfakedomain.com/gitkit",
"cookieName": "gtoken"
}
诀窍是 serviceAccountEmail 不是您的 google 电子邮件,要找到正确的电子邮件,请转到 Credentials 然后在下面服务帐户密钥单击右侧的管理服务帐户 link,转到正在使用的服务并记下电子邮件字段。电子邮件很长,格式类似于 service-name@project-name.xxx.xxxxxxxxx.xxx