Fatal error: Uncaught Google_Exception: Invalid client secret JSON file. in /somepath/lib/vendor/google/apiclient/src/Google/Client.php

Question

I have create an OAuth 2.0 Client IDs that looks like this when i download the json:

{
  "web": {
    "client_id": "topsecretstuff.apps.googleusercontent.com",
    "project_id": "health-42",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_secret": "GOCSPX-topsecretstuff",
    "redirect_uris": [
      "https://topsecret.domain.tld/oauth2callback.php",
      "https://topsecret.domain.tld/googlelogin.php"
    ]
  }
}

I am trying setup oauth authentication like this

$client = new Google\Client();

$authfile = 'somepath/client_secret.json';
$client->setAuthConfig($authfile);
$client->setRedirectUri('https://topsecret.domain.tld/oauth2callback.php');
$client->setAccessType('offline');        // offline access
$client->setIncludeGrantedScopes(true);   // incremental auth
$client->addScope(Google\Service\Fitness::FITNESS_ACTIVITY_READ);
$auth_url = $client->createAuthUrl();
header('Location: ' . filter_var($auth_url, FILTER_SANITIZE_URL));
if (isset($_SESSION['access_token']) && $_SESSION['access_token'])
{
    $client->setAccessToken($_SESSION['access_token']);
    echo "Ingelogd met access tolken: " . $_SESSION['access_token'];
}
else
{
    $redirect_uri = 'https://topsecret.domain.tld/oauth2callback.php';
    header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL));
}

But when it opens i get

Fatal error:  Uncaught Google_Exception: Invalid client secret JSON file. in somepath/lib/vendor/google/apiclient/src/Google/Client.php:171
Stack trace:
#0 somepath/client.php(10): Google_Client->setAuthConfig('/somepath...')
#1 somepath/googlelogin.php(32): include_once('/somepath...')
#2 {main}
  thrown in somepath/lib/vendor/google/apiclient/src/Google/Client.php on line 171

I found some topics here with same problem but the all sugest to download json file with type other can't find that option

My o auth2 config at google looks like this

And at download is don't have download option other:

Just 1 option download json

The big question what am i doing wrong ?

cloudxix · Answer 1 · 2023-08-05T05:16:56.293

in your apache conf file for the virtual host of your application's environment, declare the full path to the client_secret.json file:

SetEnv GOOGLE_APPLICATION_CREDENTIALS '/full/path/to/client_secret.json'

then in your production code, replace:

$authfile = 'somepath/client_secret.json';
$json = file_get_contents($authfile);
$client->setAuthConfig($json);

with

$client->useApplicationDefaultCredentials();

this more secure method of declaring the path to your client_secret.json file does not reveal its location in your source code

score -1 · Accepted Answer · answered Aug 04 '23 at 06:24

-1

I found the answer/workaround if do file_get_contents of json in to paramater and pass that to setAuthConfig, same if i add the json inline, it works.

So it seems its a bug in the api.

so the working code looks like this:

$client = new Google\Client();

$authfile = 'somepath/client_secret.json';
$json = file_get_contents($authfile);
$client->setAuthConfig($json);
$client->setRedirectUri('https://topsecret.domain.tld/oauth2callback.php');
$client->setAccessType('offline');        // offline access
$client->setIncludeGrantedScopes(true);   // incremental auth
$client->addScope(Google\Service\Fitness::FITNESS_ACTIVITY_READ);
$auth_url = $client->createAuthUrl();
header('Location: ' . filter_var($auth_url, FILTER_SANITIZE_URL));
if (isset($_SESSION['access_token']) && $_SESSION['access_token'])
{
    $client->setAccessToken($_SESSION['access_token']);
    echo "Ingelogd met access tolken: " . $_SESSION['access_token'];
}
else
{
    $redirect_uri = 'https://topsecret.domain.tld/oauth2callback.php';
    header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL));
}

answered Aug 04 '23 at 06:24

Bas van den Dikkenberg

202
1
16

I would not say there was a bug in the api. It works as expected (assuming you have the same version), have a look at the [test examples](https://github.com/googleapis/google-api-php-client/blob/c73bdc5734425455f748c134b53598a34e9a4735/tests/Google/ClientTest.php#L325). I a bit surprised that adding `file_get_contents` helped you because [it should be already there](https://github.com/googleapis/google-api-php-client/blob/c73bdc5734425455f748c134b53598a34e9a4735/src/Client.php#L991) – Jimmix Aug 04 '23 at 08:32
@Jimmix No i think its bug becouse the documentation say's i need to specify the file see [link](https://github.com/googleapis/google-api-php-client/blob/main/docs/oauth-web.md#step-1-set-authorization-parameters) – Bas van den Dikkenberg Aug 04 '23 at 09:05
1

indeed `$client->setAuthConfig('client_secret.json');`, but do you have `file_get_contents` [in your library](https://github.com/googleapis/google-api-php-client/blob/c73bdc5734425455f748c134b53598a34e9a4735/src/Client.php#L991)? if so then it should work with passing just a path to a json file as an argument. – Jimmix Aug 04 '23 at 10:39
`useApplicationDefaultCredentials` is google's recommended means for accessing JSON credentials. see my description below for specifics to implement this method. this will definitely resolve your errors and is much more secure than the means you are currently using. – cloudxix Aug 07 '23 at 00:38

Fatal error: Uncaught Google_Exception: Invalid client secret JSON file. in /somepath/lib/vendor/google/apiclient/src/Google/Client.php

2 Answers2