7

http://api.chan15.info/google-stackoverflow.html

This is the sample code I use to let user login via Google JavaScript API, and it's work, next step is use user id to login to local server via PHP, but use the user id by JavaScript is pretty danger, the real procedure I want is:

  1. login user via JavaScript API
  2. get access_token from JavaScript
  3. pass the access token to PHP
  4. use access token to Google OAuth to get user id again by PHP
  5. login the user by user id

but I don't know how to get access token.

paulzmuda
  • 181
  • 1
  • 8
Chan
  • 1,947
  • 6
  • 25
  • 37
  • The Google login API should redirect to a page of your choosing, that's where you'll get the token on the serverside, and then get the data with the token etc. – adeneo Apr 16 '15 at 22:10
  • JavaScript API seems not doing the redirect work – Chan Apr 16 '15 at 22:16
  • It does if you do a hybrid login -> https://developers.google.com/+/web/signin/server-side-flow – adeneo Apr 16 '15 at 22:19
  • The problem is, my company is using PHP 5.1, Google PHP SDK require PHP 5.2+, that's why I need to do the login stuff as tired as this way – Chan Apr 16 '15 at 22:32
  • Wait a minutes, is that mean I can't use the access token and doing curl to get information by myself, like Facebook graph API? – Chan Apr 16 '15 at 22:36
  • Check this answer http://stackoverflow.com/a/38094113/1153703 – Bikesh M Jun 29 '16 at 09:36

1 Answers1

5

After the user is logged in to their Google account using the Javascript Oauth2 API the access token can be found here:

gapi.auth2.getAuthInstance().currentUser.get().getAuthResponse().access_token;

I've used this to pass the token along to a separate curl PHP request as well as CORS. Since Google's JS API is still Beta I had to resort to sending a PHP curl request in the past. If you're planning to store the token for access after the user navigates away I'd also also get the token expiration date and call another function that wipes out the stored token whenever expired or explicitly revoked. But for me it was just easier to pull this right after successful login each time since I only needed to call the PHP function once and in real-time with AJAX as a bandaid.

PS: You might want to change the original category from Java to Javascript

paulzmuda
  • 181
  • 1
  • 8