
我有一个应用程序使用 Google Sign-In for Websites，但我希望只要用户的会话处于活动状态就能刷新令牌（例如：用户登录后闲置 2 小时，但标签页一直开着，回来时不必重新认证）。（标题：使用 Google OAuth 2.0 和 PHP/JS 自动刷新令牌）

根据我的研究，这看起来需要设置 offline 访问类型（`access_type=offline`），但我不确定这是否是正确的方向。

如果这是正确的方向——我不知道该如何把它加到我现有的代码里。

这里是我的登录页面代码:

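<?php
// Login page: renders the Google Sign-In button and, on success, hands the
// ID token to auth.php, which performs the real (server-side) verification.
// Expects $pathTo and, optionally, $message from the including script, and the
// GAPI_CLIENTID constant from the config.
//
// Everything echoed into the markup goes through $h(). $message and $pathTo
// come from PHP rather than from the browser, but escaping at the output
// boundary is the cheap default; if a message is ever built from request data
// (e.g. an `?e=` code) this is what keeps it from becoming reflected XSS.
// If messages are meant to carry markup, escape them where they are built
// instead of removing this.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?>
<!doctype html>
<html>
<head>

    <!-- jQuery -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>

    <!-- Custom -->
    <link href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet">
    <link href="https://fonts.googleapis.com/css?family=Roboto" rel="stylesheet">
    <link href="<?php echo $h($pathTo) ?>css/particles.css" rel="stylesheet">
    <link href="<?php echo $h($pathTo) ?>css/style.css" rel="stylesheet">

    <!-- Client id the Google library signs the ID token for; the server side
         must compare the token's `aud` claim against this same value. -->
    <meta name="google-signin-client_id" content="<?php echo $h(GAPI_CLIENTID) ?>">

</head>
<body class="loginPage">

    <div class="se-pre-con" style="display: none"></div>

    <div id="particles-js">

        <div id="loginBox">

            <div class="logo"></div>

            <div id="googleSignIn"></div>

            <?php if (isset($message)) { ?>
            <p class="loginMessage"><?php echo $h($message) ?></p>
            <?php } ?>

        </div>

    </div>

    <script>

    // Called by the Google library once the user has chosen an account.
    // The ID token is a bearer credential: it is forwarded to auth.php for
    // server-side verification and is never trusted on the client.
    // NOTE(review): sending it as a query parameter leaks it into server,
    // proxy and browser-history logs; a POST form to auth.php would be
    // preferable once auth.php accepts $_POST as well as $_GET.
    function onSuccess(googleUser) {
        var idToken = googleUser.getAuthResponse().id_token;
        $(".se-pre-con").fadeIn("slow");
        // A JWT is base64url + dots, so encoding is a no-op today; it keeps
        // the URL well-formed should the token format ever change.
        var authUrl = "auth.php?id_token=" + encodeURIComponent(idToken);
        <?php if (isset($_GET['retUrl']) && is_string($_GET['retUrl'])) { ?>
        // urlencode() leaves only [A-Za-z0-9_.+-%], so the value cannot break
        // out of this JS string literal or the <script> element. auth.php still
        // has to validate that it is a site-local path before redirecting.
        authUrl += "&retUrl=<?php echo urlencode($_GET['retUrl']); ?>";
        <?php } ?>
        window.location.href = authUrl;
    }

    // Sign-in errors are only logged to the console; the user can retry.
    function onFailure(error) {
        console.log(error);
    }

    // Renders the button after platform.js loads (see ?onload= below).
    // Only profile and email are requested: this flow authenticates the user,
    // it does not obtain API access or a refresh token.
    function renderButton() {
        gapi.signin2.render('googleSignIn', {
            'scope': 'profile email',
            'width': 240,
            'height': 50,
            'longtitle': true,
            'theme': 'dark',
            'onsuccess': onSuccess,
            'onfailure': onFailure
        });
    }

    </script>

    <script src="https://apis.google.com/js/platform.js?onload=renderButton" async defer></script>

    <script src="<?php echo $h($pathTo) ?>js/particles.js"></script>
    <script src="<?php echo $h($pathTo) ?>js/particles/app.js"></script>
    <script src="<?php echo $h($pathTo) ?>js/particles/lib/stats.js"></script>

</body>
</html>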

这是我的auth.php页:

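<?php

require_once('tool/config/db.php');
require_once('tool/config/global.php');

/*
 * auth.php -- server-side half of "Google Sign-In for Websites".
 *
 * The login page sends the ID token it received from gapi.signin2 here. This
 * script:
 *   1. asks Google's tokeninfo endpoint to validate the token and return its
 *      claims,
 *   2. checks the claims (issuer, audience, expiry, hosted domain, verified
 *      e-mail),
 *   3. records the attempt in the `logins` table,
 *   4. looks the e-mail up in `users`, and
 *   5. opens a PHP session and redirects into the tool, or bounces to
 *      logout.php with an error code.
 *
 * Relies on $conn (mysqli link) from db.php and on the GAPI_CLIENTID constant
 * from global.php -- the same value the login page renders into its
 * google-signin-client_id meta tag.
 */

/** Hosted (G Suite) domain that an account must belong to. */
$allowedHostedDomain = 'MYDOMAIN.com';

/**
 * Read a request parameter as a string, preferring POST over GET.
 *
 * The login page currently sends the token as a query parameter; accepting
 * POST first lets it be switched to a form submission (keeping the bearer
 * token out of access logs and Referer headers) without touching this file.
 *
 * @param string $name
 * @return string '' when the parameter is absent or not a scalar
 */
function auth_request_param($name)
{
    foreach ([$_POST, $_GET] as $bag) {
        if (isset($bag[$name]) && is_scalar($bag[$name])) {
            return (string) $bag[$name];
        }
    }
    return '';
}

/**
 * Submit an ID token to Google's tokeninfo endpoint.
 *
 * access_type=offline is an authorization-request parameter and means
 * nothing to tokeninfo, so it is not sent; refresh tokens play no part in
 * this flow.
 *
 * @param string $idToken
 * @return array|null decoded claims on HTTP 200 with a JSON object body, else null
 */
function auth_fetch_tokeninfo($idToken)
{
    $curl = curl_init('https://www.googleapis.com/oauth2/v3/tokeninfo');
    curl_setopt_array($curl, [
        CURLOPT_HEADER         => false,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query(['id_token' => $idToken]),
        // cURL's defaults, spelled out: the verdict is only as trustworthy as
        // the TLS peer it came from.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
    ]);

    $body   = curl_exec($curl);
    $status = (int) curl_getinfo($curl, CURLINFO_HTTP_CODE);
    curl_close($curl);

    // Expired or malformed tokens come back as 400; that is an ordinary
    // "invalid login", not something to die() on -- and the previous die()
    // echoed Google's response plus cURL diagnostics to the browser and
    // referenced an undefined $token_url.
    if ($body === false || $status !== 200) {
        return null;
    }

    $claims = json_decode($body, true);
    return is_array($claims) ? $claims : null;
}

/**
 * Decide whether tokeninfo claims describe a token this application may trust.
 *
 * @param array  $claims       decoded tokeninfo response
 * @param string $hostedDomain required `hd` claim
 * @param int    $now          current unix time
 * @return bool
 */
function auth_claims_are_trusted(array $claims, $hostedDomain, $now)
{
    $issuerOk = isset($claims['iss'])
        && in_array($claims['iss'], ['accounts.google.com', 'https://accounts.google.com'], true);

    // The audience must be OUR client id. Without this check an ID token
    // minted for any other Google application -- same issuer, same hosted
    // domain -- would log its holder in here.
    $audienceOk = isset($claims['aud']) && (string) $claims['aud'] === (string) GAPI_CLIENTID;

    // tokeninfo rejects expired tokens itself, but the claim is cheap to
    // re-check and guards against a cached or replayed verdict. (The original
    // had this commented out.)
    $notExpired = isset($claims['exp']) && (int) $claims['exp'] > $now;

    $domainOk = isset($claims['hd']) && $claims['hd'] === $hostedDomain;

    // The e-mail is the key into the users table, so it must be verified.
    // tokeninfo returns email_verified as the string "true".
    $emailOk = isset($claims['email'], $claims['email_verified'])
        && in_array($claims['email_verified'], [true, 'true'], true);

    return $issuerOk && $audienceOk && $notExpired && $domainOk && $emailOk;
}

/**
 * Accept retUrl only as a site-local path.
 *
 * The redirect below prefixes the value with '..' (kept as-is; its intent is
 * not visible here), which already stops an absolute URL from leaving the
 * site, but a leading '/' -- and not '//', '\' or control characters -- is
 * the only shape that yields a sensible target.
 *
 * @param string $retUrl
 * @return string the path, or '' when it is absent or not acceptable
 */
function auth_safe_return_path($retUrl)
{
    if (preg_match('#^/(?![/\\\\])[^\x00-\x1F\x7F]*\z#', $retUrl) !== 1) {
        return '';
    }
    return $retUrl;
}

/**
 * Prepare a statement or stop with the mysqli error, mirroring the
 * `... or die(mysqli_error($conn))` convention used elsewhere in the tool.
 *
 * @param mysqli $conn
 * @param string $sql
 * @return mysqli_stmt
 */
function auth_prepare($conn, $sql)
{
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        die(mysqli_error($conn));
    }
    return $stmt;
}

## Verify the token ##
$id_token = auth_request_param('id_token');
$retUrl   = auth_safe_return_path(auth_request_param('retUrl'));

$claims  = null;
$success = 0;   // initialised so a missing token cannot leave it undefined
if ($id_token !== '') {
    $claims = auth_fetch_tokeninfo($id_token);
    if ($claims !== null && auth_claims_are_trusted($claims, $allowedHostedDomain, time())) {
        $success = 1;
    }
}

## Log the login attempt ##
// Logged even for rejected tokens so failed attempts stay visible. Only the
// SHA-256 of the token is stored: the raw value is a live bearer credential
// until it expires, and this very script would accept it straight out of a
// leaked table.
$loginDate = date('Y-m-d H:i:s');
$email     = ($claims !== null && isset($claims['email'])) ? (string) $claims['email'] : '';
$name      = ($claims !== null && isset($claims['name'])) ? (string) $claims['name'] : '';
$tokenHash = $id_token !== '' ? hash('sha256', $id_token) : '';

$stmt = auth_prepare($conn, 'INSERT INTO logins (loginDate, email, name, id_token, success) VALUES (?, ?, ?, ?, ?)');
mysqli_stmt_bind_param($stmt, 'ssssi', $loginDate, $email, $name, $tokenHash, $success);
mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
mysqli_stmt_close($stmt);

## Compare against the users table ##
// Only a verified e-mail is worth looking up; a rejected token's claims must
// not influence anything beyond the audit row above.
$checkAdmin  = 0;
$checkAccess = 0;
if ($success === 1) {
    $stmt = auth_prepare($conn, "SELECT admin, access FROM users WHERE emailAddress = ? AND active = '1' AND access = '1'");
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
    mysqli_stmt_bind_result($stmt, $rowAdmin, $rowAccess);
    while (mysqli_stmt_fetch($stmt)) {
        $checkAdmin  = $rowAdmin;
        $checkAccess = (int) $rowAccess;
    }
    mysqli_stmt_close($stmt);
}

## Approve or deny ##
if ($success === 1 && $checkAccess === 1) {
    session_start();
    // Fresh session id on the privilege change: an id planted in the browser
    // before login (session fixation) must not become an authenticated one.
    session_regenerate_id(true);
    $_SESSION['login'] = "authenticated";
    $_SESSION['name']  = $name;
    $_SESSION['email'] = $email;
    $_SESSION['admin'] = $checkAdmin;
    header('Location: ' . ($retUrl !== '' ? '..' . $retUrl : 'tool/'));
    exit;
}

if ($success === 1) {
    // Valid Google account, but no users row with access = 1.
    header('Location: logout.php?e=request_access');
    exit;
}

header('Location: logout.php?e=invalid_login');
exit;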

以下是一些示例:https://developers.google.com/api-client-library/php/auth/web-app – jwilleke


@jwilleke 对我的用例来说，设置离线访问（offline access）是正确的做法吗？ – Matt

回答


从 Google 的角度来看，请求 offline access 会让你在授权时额外得到一个 refresh_token；之后当 access_token 已经过期或即将过期时，你可以用 grant_type=refresh_token 换取新的 access_token。所以如果这正是你的用例，那么是的，这似乎是正确的方法。

这将要求最终用户授权你的应用进行离线访问。不过要注意：refresh_token 只用于在用户不在场时代表他调用 Google API；它不会延长你在 auth.php 里用 session_start() 创建的 PHP 会话。如果你的目标只是让用户的网站会话保持登录，真正要调整的是你自己服务器端 session 的有效期（以及过期后如何重新验证），而不是 Google 的令牌。