How to get a Google API token

Question

I need to get the Google validation token to use with Google APIs, but my code does not work.

$client_id = '495225261106.apps.googleusercontent.com';
$client_secret = urlencode('MY_SECRET_CDE');
$redirect_uri = urlencode('http://MYPAGE.net/test.php');
//$grant_type = urlencode('authorization_code'); //it does not work either.
$grant_type = 'authorization_code';

$post_string = "code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp6&client_id={$client_id}&client_secret={$client_secret}&redirect_uri={$redirect_uri}&grant_type={$grant_type}";

//echo_key_value('post_string',$post_string);

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://accounts.google.com/o/oauth2/token');
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);   // Execute the HTTP command
$errmsg = curl_error($ch); 

if($errmsg) echo $errmsg;

The output is:

{"error":"invalid_grant"}

Answer 1

Setup Instructions

• Go to the Google Developers Console
  https://console.developers.google.com/project Select your project or create a new one (and then select it)
• Enable the API for your project In the sidebar on the left, expand APIs & auth > APIs Search for "drive" Click on "Drive API" click the blue "Enable API" button
• Create a service account for your project In the sidebar on the left, expand APIs & auth > Credentials Click blue "Add credentials" button
• Select the "Service account" option
• Select "Furnish a new private key" checkbox Select the "JSON" key type option
• Click blue "Create" button your JSON key file is generated and downloaded to your machine (it is the only copy!)
• open the json file and save your private key to a file called rsa

note your service account's email address (also available in the JSON key file) Share the doc (or docs) with your service account using the email noted above

based on information from ( a fantastic doc ) https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority

for a list of possible API scopes set https://developers.google.com/identity/protocols/googlescopes#sheetsv4

for a purely bash based solution

#!/bin/bash

client_email='your client email'
scope='https://www.googleapis.com/auth/spreadsheets.readonly'

jwt1=`echo -n '{"alg":"RS256","typ":"JWT"}' | openssl base64 -e`

exp=$(($(date +%s)+3600))
iat=$(date +%s)

jwt2=`echo -n '{\
"iss":"'"$client_email"'",\
"scope":"'"$scope"'",\
"aud":"https://accounts.google.com/o/oauth2/token",\
"exp":'$exp',\
"iat":'$iat'}' | openssl base64 -e`

jwt3=`echo -n "$jwt1.$jwt2" | tr -d '\n' | tr -d '=' | tr '/+' '_-'`

jwt4=`echo -n "$jwt3" | openssl sha -sha256 -sign rsa | openssl base64 -e`

jwt5=`echo -n "$jwt4" | tr -d '\n' | tr -d '=' | tr '/+' '_-'`

echo $jwt3
echo $jwt5

curl -H -vvv "Content-type: application/x-www-form-urlencoded" -X POST "https://accounts.google.com/o/oauth2/token" -d \
"grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=$jwt3.$jwt5"

for a javascript nodejs based solution see

https://gist.github.com/cloverbox/5ce51a1d8889da9045c5b128a3a2502f

Answer 2

You may find it easier to use Google APIs, especially OAuth stuff, via one of the official client libraries.

Here's a link to the PHP one: http://code.google.com/p/google-api-php-client/

And a link to the docs on OAuth 2.0 with the library (with some great example code): http://code.google.com/p/google-api-php-client/wiki/OAuth2

Answer 3

Don't you have to put " curl_setopt($ch, CURLOPT_POST, true); " before using postfields? Mine is working and except that and I didn't used urlencode on my secret, it's the same