Google+ sign in, PHP one-time-code/server-side flow without "Silex/twig"
Example code from Google+ Sign-In for server-side apps:
// Create a state token to prevent request forgery.
// Store it in the session for later validation.
$state = md5(rand());
$app['session']->set('state', $state);
// Set the client ID, token state, and application name in the HTML while
// serving it.
return $app['twig']->render('index.html', array(
    'CLIENT_ID' => CLIENT_ID,
    'STATE' => $state,
    'APPLICATION_NAME' => APPLICATION_NAME
));
Question: how does the server-side flow work without Silex/Twig?
I use the client library (PHP).
Please test this code; it works fine.
index.php
<?php
session_start();
// Anti-request-forgery state token, kept in the session for later validation.
$data['state'] = md5(uniqid(rand(), true));
$_SESSION['state'] = $data['state'];
?>
<html itemscope itemtype="http://schema.org/Article">
<head>
  <!-- BEGIN Pre-requisites -->
  <script src="//ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js">
  </script>
  <meta name="google-signin-scope" content="https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.moments.write https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/plus.profile.agerange.read https://www.googleapis.com/auth/plus.profile.language.read https://www.googleapis.com/auth/plus.circles.members.read https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/userinfo.email" />
  <script type="text/javascript">
    (function () {
      var po = document.createElement('script');
      po.type = 'text/javascript';
      po.async = true;
      po.src = 'https://plus.google.com/js/client:plusone.js';
      var s = document.getElementsByTagName('script')[0];
      s.parentNode.insertBefore(po, s);
    })();
  </script>
  <!-- END Pre-requisites -->
</head>
<body>
  <!-- Add where you want your sign-in button to render -->
  <div id="signinbutton">
    <span class="g-signin"
      data-scope="https://www.googleapis.com/auth/plus.login"
      data-clientid="your clientid"
      data-redirecturi="postmessage"
      data-accesstype="offline"
      data-cookiepolicy="single_host_origin"
      data-callback="signInCallback">
    </span>
  </div>
  <button id="signoutbutton" style="display:none" onclick="signOut()">signout</button>
  <div id="result"></div>
  <script type="text/javascript">
    function signInCallback(authResult) {
      if (authResult['code']) {
        // Hide the sign-in button now that the user is authorized, for example:
        $('#signinbutton').attr('style', 'display: none');
        $('#signoutbutton').attr('style', 'display: block');
        var state = '<?php echo $_SESSION['state']; ?>';
        // plus.php expects the raw body "code,state".
        var param = [authResult['code'], state].join(',');
        // Send the code to the server
        $.ajax({
          type: 'POST',
          url: 'plus.php?storetoken&state',
          contentType: 'application/octet-stream; charset=utf-8',
          success: function (result) {
            // Handle or verify the server response if necessary.
            console.log(result);
            alert('connected');
          },
          processData: false,
          data: param
        });
      } else if (authResult['error']) {
        alert('Could not automatically log in the user');
        console.log('There was an error: ' + authResult['error']);
      }
    }
    function signOut() {
      gapi.auth.signOut();
      $('#signoutbutton').attr('style', 'display: none');
      $('#signinbutton').attr('style', 'display: block');
      console.log('sign out');
    }
  </script>
</body>
</html>
plus.php
<?php
session_start();
require_once 'src/Google_Client.php';
require_once 'src/contrib/Google_PlusService.php';

$client = new Google_Client();
$client_id = 'client id';
$client->setClientId($client_id);
$client->setClientSecret('client secret');
$client->setRedirectUri('postmessage');

// The request body is "code,state", as sent by index.php.
$code = explode(",", file_get_contents('php://input'));

if (isset($code[1], $_SESSION['state']) && $code[1] === $_SESSION['state']) {
    $plus = new Google_PlusService($client);
    $client->authenticate($code[0]);
    $token = json_decode($client->getAccessToken());

    // Verify the token
    $reqUrl = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=' . $token->access_token;
    $req = new Google_HttpRequest($reqUrl);
    $tokenInfo = json_decode(
        $client::getIo()->authenticatedRequest($req)->getResponseBody());

    // If there was an error in the token info, abort.
    if (isset($tokenInfo->error)) {
        print $tokenInfo->error;
        exit;
    }
    // Make sure the token we got is for our app.
    if ($tokenInfo->audience != $client_id) {
        print "Token's client ID does not match app's.";
        exit;
    }
    $userId = $tokenInfo->user_id;
    $userEmail = $tokenInfo->email;

    // Debug output: this echoes the tokens back to the browser.
    print 'token result: ' . print_r($token, true);
    print '<<<<<<<<<<< tokeninfo >>>>>>> ' . print_r($tokenInfo, true);
} else {
    echo "invalid state parameter";
}
Don't forget to add your client ID and client secret.
Sign out is not working on localhost.
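The state check in index.php and plus.php above can be tightened with PHP's CSPRNG and a constant-time, single-use comparison. The sketch below is an added example, not part of the original answer or of Google's sample; the function names `issue_state`, `parse_body` and `consume_state` are hypothetical, and the one-time code in the demo is a constructed value.

```php
<?php
// Added example: function names are hypothetical, sample values are constructed.

// Issue the state token from the CSPRNG rather than md5() over rand()/uniqid().
function issue_state(array &$session): string
{
    $session['state'] = bin2hex(random_bytes(32)); // 256 bits, hex only
    return $session['state'];
}

// Split the "code,state" body posted by index.php. The state is hex, so the
// last comma is the separator even if the code itself contains one.
function parse_body(string $body): ?array
{
    $pos = strrpos($body, ',');
    if ($pos === false || $pos === 0) {
        return null;
    }
    return ['code' => substr($body, 0, $pos), 'state' => substr($body, $pos + 1)];
}

// Single-use, constant-time comparison. The stored token is discarded on
// every attempt, so a captured or guessed value cannot be retried.
function consume_state(array &$session, string $supplied): bool
{
    $expected = $session['state'] ?? null;
    unset($session['state']);
    return is_string($expected) && $expected !== ''
        && hash_equals($expected, $supplied);
}

// Demo; $session stands in for $_SESSION after session_start().
$session = [];
$state   = issue_state($session);
$parsed  = parse_body('4/constructed-one-time-code,' . $state);

var_dump(consume_state($session, $parsed['state'])); // first presentation
var_dump(consume_state($session, $parsed['state'])); // replay of the same value
$empty = [];
var_dump(consume_state($empty, ''));                 // no token was ever issued
var_dump(parse_body('no-separator'));                // malformed body
```

In plus.php, pass `$_SESSION` to `consume_state()` and call `$client->authenticate()` only when it returns true.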