Fatal编程技术网
  • php/
  • Google Identity Toolkit API for PHP返回无效的\u客户端

Google Identity Toolkit API for PHP返回无效的\u客户端

php

Google Identity Toolkit API for PHP返回无效的\u客户端,php,google-identity-toolkit,oauth2,Php,Google Identity Toolkit,Oauth2,我正在尝试让GoogleIdentityToolkitapi为基于PHP的应用程序工作 我一直在遵循谷歌提供的快速入门指南: 我完全按照步骤进行了检查,反复检查 登录按钮出现在index.php页面上。单击此按钮将重定向到widget.php页面。我可以选择要登录的帐户,然后再次返回到成功登录页面index.php时,我会收到以下错误消息: 致命错误:未捕获异常“Google_Auth_exception”,消息“刷新OAuth2令牌时出错,消息:”{错误: 无效的\u客户端,错误\u说明:O

我正在尝试让GoogleIdentityToolkitapi为基于PHP的应用程序工作

我一直在遵循谷歌提供的快速入门指南:

我完全按照步骤进行了检查,反复检查

登录按钮出现在index.php页面上。单击此按钮将重定向到widget.php页面。我可以选择要登录的帐户,然后再次返回到成功登录页面index.php时,我会收到以下错误消息:

致命错误:未捕获异常“Google_Auth_exception”,消息“刷新OAuth2令牌时出错,消息:”{错误: 无效的\u客户端,错误\u说明:OAuth客户端被删除 无效。}'

我已经尝试在Google开发者控制台中重新创建OAuth客户端。提到的一些检查电子邮件和项目名称字段的搜索结果已经在OAuth同意屏幕上完成,所有这些我都已经完成了

如有任何帮助和建议,将不胜感激。 注意:我只在Identity Toolkit API设置下的可用提供者中使用Google

My index.php页面:

<!DOCTYPE html>
<html>
<head>

<!-- 1: Load the Google Identity Toolkit helpers -->
<?php
  set_include_path(get_include_path() . PATH_SEPARATOR . __DIR__ .'/vendor/google/apiclient/src');
  require_once __DIR__ . '/vendor/autoload.php';

  $gitkitClient = Gitkit_Client::createFromFile(dirname(__FILE__) . '/gitkit-server-config.json');
  $gitkitUser = $gitkitClient->getUserInRequest();
?>
<!-- End modification 1 -->

<script type="text/javascript" src="//www.gstatic.com/authtoolkit/js/gitkit.js"></script>
<link type=text/css rel=stylesheet href="//www.gstatic.com/authtoolkit/css/gitkit.css" />

<script type=text/javascript>
  window.google.identitytoolkit.signInButton(
    '#navbar',
    {
      widgetUrl: "/gitkit",
      signOutUrl: "/index"
    }
  );
</script>
</head>
<body>
<div id="navbar"></div>

<!-- 2: Print the user information if a signed in user is present -->
<p>
  <?php if ($gitkitUser) { ?>
    Welcome back!<br><br>
    Email: <?= $gitkitUser->getEmail() ?><br>
    Id: <?= $gitkitUser->getUserId() ?><br>
    Name: <?= $gitkitUser->getDisplayName() ?><br>
    Identity provider: <?= $gitkitUser->getProviderId() ?><br>
  <?php } else { ?>
    You are not logged in yet.
  <?php } ?>
</p>
<!-- End modification 2 -->

</body>
</html>

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<!-- Copy and paste here the client configuration from Developer Console into the config variable -->
<script type="text/javascript" src="//www.gstatic.com/authtoolkit/js/gitkit.js"></script>
<link type="text/css" rel="stylesheet" href="//www.gstatic.com/authtoolkit/css/gitkit.css" />
<script type="text/javascript">
  var config =
    {
  "widgetUrl": "http://local.myfakedomain.com/gitkit",
  "signInSuccessUrl": "/",
  "signOutUrl": "/",
  "oobActionUrl": "/",
  "apiKey": "<my-api-key-here>",
  "siteName": "this site",
  "signInOptions": ["password","google"]
}
  ;
  // The HTTP POST body should be escaped by the server to prevent XSS
  window.google.identitytoolkit.start(
      '#gitkitWidgetDiv', // accepts any CSS selector
      config,
      JSON.parse('<?php echo json_encode(file_get_contents("php://input")); ?>')
  );
</script>
<!-- End modification -->

</head>
<body>

<!-- Include the sign in page widget with the matching 'gitkitWidgetDiv' id -->
<div id="gitkitWidgetDiv"></div>
<!-- End identity toolkit widget -->

</body>
</html>
My gitkit.php页面:

<!DOCTYPE html>
<html>
<head>

<!-- 1: Load the Google Identity Toolkit helpers -->
<?php
  set_include_path(get_include_path() . PATH_SEPARATOR . __DIR__ .'/vendor/google/apiclient/src');
  require_once __DIR__ . '/vendor/autoload.php';

  $gitkitClient = Gitkit_Client::createFromFile(dirname(__FILE__) . '/gitkit-server-config.json');
  $gitkitUser = $gitkitClient->getUserInRequest();
?>
<!-- End modification 1 -->

<script type="text/javascript" src="//www.gstatic.com/authtoolkit/js/gitkit.js"></script>
<link type=text/css rel=stylesheet href="//www.gstatic.com/authtoolkit/css/gitkit.css" />

<script type=text/javascript>
  window.google.identitytoolkit.signInButton(
    '#navbar',
    {
      widgetUrl: "/gitkit",
      signOutUrl: "/index"
    }
  );
</script>
</head>
<body>
<div id="navbar"></div>

<!-- 2: Print the user information if a signed in user is present -->
<p>
  <?php if ($gitkitUser) { ?>
    Welcome back!<br><br>
    Email: <?= $gitkitUser->getEmail() ?><br>
    Id: <?= $gitkitUser->getUserId() ?><br>
    Name: <?= $gitkitUser->getDisplayName() ?><br>
    Identity provider: <?= $gitkitUser->getProviderId() ?><br>
  <?php } else { ?>
    You are not logged in yet.
  <?php } ?>
</p>
<!-- End modification 2 -->

</body>
</html>

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<!-- Copy and paste here the client configuration from Developer Console into the config variable -->
<script type="text/javascript" src="//www.gstatic.com/authtoolkit/js/gitkit.js"></script>
<link type="text/css" rel="stylesheet" href="//www.gstatic.com/authtoolkit/css/gitkit.css" />
<script type="text/javascript">
  var config =
    {
  "widgetUrl": "http://local.myfakedomain.com/gitkit",
  "signInSuccessUrl": "/",
  "signOutUrl": "/",
  "oobActionUrl": "/",
  "apiKey": "<my-api-key-here>",
  "siteName": "this site",
  "signInOptions": ["password","google"]
}
  ;
  // The HTTP POST body should be escaped by the server to prevent XSS
  window.google.identitytoolkit.start(
      '#gitkitWidgetDiv', // accepts any CSS selector
      config,
      JSON.parse('<?php echo json_encode(file_get_contents("php://input")); ?>')
  );
</script>
<!-- End modification -->

</head>
<body>

<!-- Include the sign in page widget with the matching 'gitkitWidgetDiv' id -->
<div id="gitkitWidgetDiv"></div>
<!-- End identity toolkit widget -->

</body>
</html>
我的gitkit-server-config.json文件:

{
  "clientId": "<my-client-id-here>",
  "projectId": "<my-project-id-here>",
  "serviceAccountEmail": "<my-serviceAccountEmail-here>",
  "serviceAccountPrivateKeyFile": "<my-p12-KeyFile-location-here>",
  "widgetUrl": "http://local.myfakedomain.com/gitkit",
  "cookieName": "gtoken"
}
在gitkit-server-config.json文件中,serviceAccountEmail不应为空。您可以从Google开发者控制台项目设置页面复制服务帐户电子邮件

以及服务帐户电子邮件,如应用程序示例-com@appname.example.com.iam.gserviceaccount.com,项目Id导致我出现问题

我找到的解决方案是,如果google说您的projectId是example.com:appname,将其更改为appname

我遇到了相同的问题,我通过在服务器配置代码中插入正确的服务帐户电子邮件解决了这个问题:

{
  "clientId": "<my-client-id-here>",
  "projectId": "<my-project-id-here>",
  "serviceAccountEmail": "<Correct-serviceAccountEmail-here>",
  "serviceAccountPrivateKeyFile": "<my-p12-KeyFile-location-here>",
  "widgetUrl": "http://local.myfakedomain.com/gitkit",
  "cookieName": "gtoken"
}
诀窍在于serviceAccountEmail不是您的google电子邮件,要找到正确的电子邮件,请转到凭据,然后在“服务帐户密钥”下单击右侧的“管理服务帐户”链接,转到正在使用的服务并记下电子邮件字段。电子邮件很长,格式类似于服务-name@project-name.xxx.xxxxxxxxx.xxx

解决了我的问题。仅供参考:您可以在此处找到正确的服务帐户电子邮件:查找服务帐户ID列。