imin

Reputation: 4578

Verifying id token using www.googleapis.com and google-api-php-client

So I retrieved the token ID from my android app using

GoogleSignInAccount acct = result.getSignInAccount();
String idToken = acct.getIdToken();

If I tried to verify the token using https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=idToken

then it will be successful; I mean googleapis.com would return something like:

{
iss: "https://accounts.google.com",
aud: "12312331-hjs13hbf0j1ge08s7lvepiupiljuokce.apps.googleusercontent.com",
sub: "23432432",
email_verified: "true",
azp: "12312331-nvi4gh28jekfm3e48ofqeh1c5rof2rsa.apps.googleusercontent.com",
email: "[email protected]",
iat: "123213123",
exp: "123213123",
name: "Me Miow",
picture: "https://lh5.googleusercontent.com/-XXXX/AAAAAAAAAAI/XXXX/XXXX/s96-c/photo.jpg",
given_name: "Me",
family_name: "Miow",
locale: "en",
alg: "RS256",
kid: "849996986ecf01a6c8xxxxxxx"
}

But if I use the library https://github.com/google/google-api-php-client and run the idtoken.php?code=idToken library from google\apiclient\examples it would return

Fatal error: Uncaught InvalidArgumentException: Invalid token format in /home/meowww/public_html/meniti/vendor/google/apiclient/src/Google/Client.php:423 Stack trace: #0 /home/meowww/public_html/meniti/idtoken.php(65): Google_Client->setAccessToken(Array) #1 {main} thrown in /home/meowww/public_html/meniti/vendor/google/apiclient/src/Google/Client.php on line 423

Why would the google-api-php-client display an error?

Upvotes: 0

Views: 785

Answers (1)

trajchevska

Reputation: 952

The $_GET['code'] is a unique value returned by Google after a user has been authenticated. It is different from the id_token; that's why you get the InvalidArgumentException. The example you're looking at is actually an auth example, which covers all steps required to get an id token. If you already have that token and you want to verify it on the backend side as well, you can skip all those steps and go right to the verification. That is:

$token_data = $client->verifyIdToken($id_token)->getAttributes();

I believe you need to have offline access enabled to pull this.

Upvotes: 2
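Whichever route verifies the token, the backend still has to check the returned claims itself, in particular that aud is its own client ID. The following is an added example, not code from this thread or from google-api-php-client: it checks a decoded payload such as the tokeninfo response shown in the question, and the function name, client ID placeholders and sample claims are constructed for illustration.

```php
<?php
// Added example: claim checks on an already-decoded ID token payload, e.g. the
// tokeninfo JSON from the question. Names and sample values are constructed.

/** Returns the stable user id ("sub") or throws if a claim check fails. */
function check_id_token_claims(array $claims, string $clientId, int $now): string
{
    // Google issues ID tokens with one of these two issuer strings.
    $issuers = ['https://accounts.google.com', 'accounts.google.com'];
    if (!in_array($claims['iss'] ?? null, $issuers, true)) {
        throw new UnexpectedValueException('unexpected issuer');
    }
    // aud must be this backend's own client ID. tokeninfo accepts any validly
    // signed Google ID token, including one issued to a different application.
    if (($claims['aud'] ?? null) !== $clientId) {
        throw new UnexpectedValueException('issued for a different audience');
    }
    // tokeninfo returns exp as a numeric string, so compare it as an integer.
    $exp = $claims['exp'] ?? null;
    if (!is_numeric($exp) || (int) $exp <= $now) {
        throw new UnexpectedValueException('expired or missing exp');
    }
    if (!isset($claims['sub']) || $claims['sub'] === '') {
        throw new UnexpectedValueException('missing sub');
    }
    // Key accounts on sub, not email: sub is the stable identifier.
    return (string) $claims['sub'];
}

$now = 1700000000;                                              // constructed clock
$serverClientId = 'EXAMPLE-SERVER.apps.googleusercontent.com';  // placeholder
$base = ['iss' => 'https://accounts.google.com', 'aud' => $serverClientId,
         'sub' => '1000001', 'exp' => '1700003600'];
$samples = [
    'valid'     => $base,
    'other app' => ['aud' => 'EXAMPLE-OTHER.apps.googleusercontent.com'] + $base,
    'expired'   => ['exp' => '1699990000'] + $base,
];
foreach ($samples as $label => $claims) {
    try {
        $sub = check_id_token_claims($claims, $serverClientId, $now);
        echo "$label: accepted, sub=$sub\n";
    } catch (UnexpectedValueException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```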
