Reputation: 611
I'm using the Google+ Platform on my Android app with PlusClient and all that good stuff.
When the user signs in he can interact with my PHP server to get some content, but on every request I want to verify if the user is who he says he is.
For that purpose, on every PHP request I ask for the id and access token so that I can call "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=$accessToken" and check if the id is the same as on the access token.
Is this a valid server-side user auth verification method? If not, what is the best approach?
My other question is how do I get the access token when I connect with the PlusClient to send to the PHP server? Do I have to call the GoogleAuthUtil.getToken?
Upvotes: 0
Views: 614
Reputation: 5813
YES, you'll need to use GoogleAuthUtil.getToken
That's actually what the PhotoHunt Android sample app does.
You just have to copy/paste the source code from https://developers.google.com/+/photohunt/android#authenticating_with_photohunt
sAccessToken = GoogleAuthUtil.getToken(ctx, account, "oauth2:" + Scopes.PLUS_LOGIN + " " + Scopes.PLUS_PROFILE);
Hope it helps
Upvotes: 2
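A sketch of the server-side check the question describes, added here as an example and not part of either post. It goes one step beyond comparing the id: it also requires that the token was issued to your own app. The function name, the placeholder client ID and the sample responses are assumptions; the `user_id`, `audience` and `expires_in` fields are those of the v1 tokeninfo response.

```php
<?php
// Added example: validate the JSON body returned by the tokeninfo endpoint.
// MY_CLIENT_ID is a placeholder; use the OAuth client ID of your own project.
const MY_CLIENT_ID = 'PLACEHOLDER-CLIENT-ID.apps.googleusercontent.com';

/**
 * Returns true only if the tokeninfo body describes a live token that was
 * issued to this app and belongs to the user ID the client claimed.
 */
function verify_tokeninfo(string $body, string $claimedUserId, string $clientId): bool
{
    $info = json_decode($body, true);
    if (!is_array($info) || isset($info['error'])) {
        return false; // malformed body, or Google rejected the token
    }
    foreach (['user_id', 'audience', 'expires_in'] as $field) {
        if (!isset($info[$field])) {
            return false; // e.g. token without a profile scope has no user_id
        }
    }
    if ((int) $info['expires_in'] <= 0) {
        return false; // token already expired
    }
    // A token minted for a different app must not be accepted here, even if
    // its user_id matches: any app the user signed in to could replay it.
    if (!hash_equals($clientId, (string) $info['audience'])) {
        return false;
    }
    return hash_equals((string) $info['user_id'], $claimedUserId);
}

// Constructed sample responses (not real tokens, users or client IDs).
$claimed = '1234567890';
$samples = [
    'valid token'      => ['audience' => MY_CLIENT_ID, 'user_id' => '1234567890', 'expires_in' => 3421],
    'other app'        => ['audience' => 'some-other-app.example', 'user_id' => '1234567890', 'expires_in' => 3421],
    'other user'       => ['audience' => MY_CLIENT_ID, 'user_id' => '9999999999', 'expires_in' => 3421],
    'rejected by API'  => ['error' => 'invalid_token'],
];
foreach ($samples as $label => $response) {
    $ok = verify_tokeninfo(json_encode($response), $claimed, MY_CLIENT_ID);
    printf("%-16s %s\n", $label, $ok ? 'accept' : 'reject');
}
```

In a real request handler the body would come from the tokeninfo URL quoted in the question, fetched over HTTPS, and a non-200 status would be treated as a rejection.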