 

PHP Authentication with Google One Tap

I've inserted "Google One Tap" into my website, and Google returns "credential" and "g_csrf_token" to me via the POST method. Now I want to know: how do I get the email address from this "credential" in PHP?

Is there any PHP library or any module for Codeigniter 4?

I have only this in Frontend:

<script src="https://accounts.google.com/gsi/client" async defer></script>
<div id="g_id_onload" data-client_id="000.apps.googleusercontent.com" data-login_uri="https://myweb.com/google"></div>

And in backend file "myurl/google"

print_r($_POST);

Thanks

George B. asked Apr 14 '26 19:04


1 Answer

I spent 3 days making this work; Google's guide is not well documented :(. Maybe it will be helpful to somebody!

Google recently updated the "Google Sign-In JavaScript platform library for Web" with the new "Google Identity Services". More info here: https://developers.google.com/identity/oauth2/web/guides/migration-to-gis

With this, the user can authenticate with the cloud more easily.

First, you need to generate the simple code here: https://developers.google.com/identity/gsi/web/tools/configurator. You can easily get the code and put it in your HTML page. You will need to focus on:

<div id="g_id_onload" data-locale="vi" data-callback="yourcallbackfunction"></div>

Declare a function named "yourcallbackfunction(paras){}"; paras will give you 2 important things: the client ID and certificate.

Second, you need to verify the token_id (it's actually named certificate) on your server. Maybe POST it to your server from the yourcallbackfunction function.

Document here: https://developers.google.com/identity/gsi/web/guides/verify-google-id-token

Now the thing is coming sure. Don't care about g_csrf_token or the cookie in Google's documentation. Use this debug tool https://oauth2.googleapis.com/tokeninfo?id_token= and if it returns name, email, picture, sub and so on, then you should continue.

Third, on your server, use the code example from the "Google API Client Library". Example parameters:

$CLIENT_ID: 10493xxxxxxx-sjpa2xxxxxxxxxbo5hr3vvk4xxxxxx.apps.googleusercontent.com
$id_token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjFhYWU4ZDdjOTIwNThiNWVlYTQ1Njg5NWJmODkwODQ1NzFlMzA2ZjMiLCJ0eXAiOiJKV1QifQ

require_once 'vendor/autoload.php';

// Get $id_token via HTTPS POST.

$client = new Google_Client(['client_id' => $CLIENT_ID]);  // Specify the CLIENT_ID of the app that accesses the backend
$payload = $client->verifyIdToken($id_token);
if ($payload) {
  $userid = $payload['sub'];
  // If request specified a G Suite domain:
  //$domain = $payload['hd'];
} else {
  // Invalid ID token
}

Don't forget to install the Google API using Composer. At this step you may also get the "Invalid ID token" if the time has expired. On my side it's about 2 minutes.

That's it. It should work.

Diep Tang answered Apr 17 '26 08:04
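
The server-side handling of the One Tap POST as a single function, added here as an example (it is not code from the answer or from Google): it applies the double-submit comparison of "g_csrf_token" described in Google's verify-google-id-token guide, verifies the "credential" JWT with the Google API Client Library, and returns the claims, including the email the question asks for. The helper name verify_one_tap_post and the placeholder client ID are assumptions.

```php
<?php
// Added example: body of the data-login_uri endpoint (e.g. /google).
require_once 'vendor/autoload.php';

// Hypothetical helper: returns the verified claims or throws.
function verify_one_tap_post(array $post, array $cookie, string $clientId): array
{
    // 1. Double-submit cookie check: g_csrf_token arrives both as a cookie
    //    and as a POST field; both must be present and identical.
    $csrfCookie = $cookie['g_csrf_token'] ?? '';
    $csrfBody   = $post['g_csrf_token'] ?? '';
    if (!is_string($csrfCookie) || !is_string($csrfBody) || $csrfCookie === ''
        || !hash_equals($csrfCookie, $csrfBody)) {
        throw new RuntimeException('CSRF token missing or mismatched');
    }

    // 2. The ID token (a signed JWT) is in the "credential" field.
    $idToken = $post['credential'] ?? '';
    if (!is_string($idToken) || $idToken === '') {
        throw new RuntimeException('No credential in POST body');
    }

    // 3. verifyIdToken() checks signature, expiry, issuer and that the
    //    token's audience (aud) is this client ID; it returns false on failure.
    $client  = new Google_Client(['client_id' => $clientId]);
    $payload = $client->verifyIdToken($idToken);
    if (!$payload) {
        throw new RuntimeException('Invalid or expired ID token');
    }

    // 4. Only trust the address if Google marks it as verified.
    if (!filter_var($payload['email_verified'] ?? false, FILTER_VALIDATE_BOOLEAN)) {
        throw new RuntimeException('Email not verified');
    }
    return $payload;
}

try {
    // Placeholder client ID: replace with the one from data-client_id.
    $claims = verify_one_tap_post($_POST, $_COOKIE, 'YOUR_CLIENT_ID.apps.googleusercontent.com');
    $userId = $claims['sub'];   // stable account key; the email can change
    $email  = $claims['email'];
    // ... start the application session for $userId here ...
} catch (RuntimeException $e) {
    http_response_code(401);
    exit('Sign-in failed');
}
```

Take the email and "sub" only from the array returned by verifyIdToken(), never from a JWT decoded without signature verification.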