Google always returns false verifying id token

Question

I have the next code, got directly from google reference (https://developers.google.com/identity/sign-in/web/backend-auth)

public function verifyFromAndroid($idToken=null) {
        if(empty($idToken)) {
            $idToken = self::SAMPLE_ID_TOKEN;
        }
        $client = new Google_Client(['client_id' => self::CLIENT_ID]);
        $payload = $client->verifyIdToken($idToken);
        if ($payload) {
            print_r($payload);
            $userid = $payload['sub'];
            // If request specified a G Suite domain:
            //$domain = $payload['hd'];
        } else {
            var_dump($payload);
            $this->lastError = "Invalid ID token";
            return false;
        }
    }

But this method always returns false, even using a valid id token that is created and working using the oauthplayground online tool.

The next code works fine, using directly the GoogleAccessToken_Verify class. Can someone tell me why the official Google code doesn't work and yes my own code using the official Google-clien-php sdk?

try {
            $verify = new Google_AccessToken_Verify();
            $result = $verify->verifyIdToken($this->idToken);
            if($result) {

                print_r($result);
                $friendlyData = $this->translateData($result, true);
                if(!$friendlyData) {
                    return false;
                }
                return $friendlyData;
            }
            else {
                $this->lastError = "Invalid token verification, no error code";
                return false;
            }
        }
        catch(UnexpectedValueException $ex) {
            $this->lastError = "UnVaEx (Code {$ex->getCode()}): {$ex->getMessage()}";
            return false;
        }

Answer 1

I faced the same issue. After checking different PHP versions, I found that the google client library is working in PHP7.4 but not with PHP8.0.

Please try the below code after downgrading the version of PHP to 7.4

require_once 'vendor/autoload.php';

$id_token = $_POST['credential'];

$client = new Google_Client(['client_id' => $CLIENT_ID]);  // Specify the CLIENT_ID of the app that accesses the backend
$payload = $client->verifyIdToken($id_token);
if ($payload) {
  $userid = $payload['sub'];
  // If request specified a G Suite domain:
  //$domain = $payload['hd'];
} else {
  // Invalid ID token
}

Or For development and debugging, you can call google oauth2 tokeninfo validation endpoint.

https://oauth2.googleapis.com/tokeninfo?id_token=$id_token

Answer 2

Before you begin register your backend URL at https://developers.google.com/identity/sign-in/web/sign-in with Configure your project button and don't use any credidentials or api key in your code. After doing them your code should look like to this.

public function verifyFromAndroid($idToken=null) {
    if(empty($idToken)) {
        $idToken = self::SAMPLE_ID_TOKEN;
    }
    //As you notice we don't use any key as a parameters in Google_Client() API function
    $client = new Google_Client();
    $payload = $client->verifyIdToken($idToken);
    if ($payload) {
        print_r($payload);
        $userid = $payload['sub'];
        // If request specified a G Suite domain:
        //$domain = $payload['hd'];
    } else {
        var_dump($payload);
        $this->lastError = "Invalid ID token";
        return false;
    }
}

I hope it helps.

Answer 3

Had a similar issue.Deleted my android app on firebase console and created a fresh app wirh debug key sha1.Then downloaded and replaced my google.json into my app.This fixed my issue.This has happened to me twice now. At times you just need to recreate the android app on firebase console.

Answer 4

try adding complete client ID

xxxxxxxxxxxxxx-xxxxx-yy-zz.apps.googleusercontent.com

while initiating the

$client = new Google_Client(['client_id' => self::CLIENT_ID]);

It should work i was also facing the same issue ...