标签：php javascript google-plus google-oauth google-api-php-client

我正在尝试稍微改变Google网络登录服务器端流程,如Google Developer’s website所述.

我有一个员工登录页面(staff_login.php),它使用谷歌的JavaScript(plusone.js).
如果用户已登录Google,则Google的授权代码会存储到会话变量中.
如果用户未登录,则会显示“员工登录”按钮.如果用户点击该按钮,则会发生Google授权,如果成功,则Google的授权代码会存储到会话变量中.
在这两种情况下,在存储会话变量之后,用户将被重定向到另一个网页(google_login.php).

大多数情况下,登录过程按预期工作,但有时google_login.php会生成错误消息：Google_Auth_Exception’,并显示消息’获取OAuth2访问令牌时出错,消息：’invalid_grant’.

我很确定问题出在signInCallback函数中.如何使其防弹？

这是(缩减)代码：

staff_login.php

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="google-signin-clientid"
          content="CLIENT-ID.apps.googleusercontent.com">
    <meta name="google-signin-scope" content="email">
    <meta name="google-signin-cookiepolicy" content="single_host_origin">
    <meta name="google-signin-callback" content="signInCallback">
    <title>Login</title>
</head>
<body>

<button id="xyzStaffSignIn">Staff Sign In</button>

<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js" 
    type="text/javascript"></script>

<script type = "text/javascript" >

    jQuery(document).ready(function ($) {
        console.log('Google (plusone.js) will invoke signInCallback');

        window.___gcfg = {
            lang: 'en-GB',
            parsetags: 'onload'
        };
        var po = document.createElement('script');
        po.type = 'text/javascript';
        po.async = true;
        po.src = 'https://apis.google.com/js/client:plusone.js';
        var s = document.getElementsByTagName('script')[0];
        s.parentNode.insertBefore(po, s);
    });

    function signInCallback(authResult) {
        if (authResult) {
            if (authResult['error'] == undefined) {
                if (authResult['code']) {
                    setSessionValue('GoogleAuthorisationCode', 
                       authResult['code'], callGoogleLogin);
                }
            } else if (authResult['error']) {
                // There was an error.
                // Possible error codes:
                //   "access_denied" - User denied access to your app
                //   "immediate_failed" - Could not automatically log in the user
                console.log('There was an error: ' + authResult['error']);

                if (!authResult['status']['signed_in']) {
                    console.log('gapi.signin.render will invoke signInCallback');
                    gapi.signin.render('xyzStaffSignIn');
                }
            } else {
                console.log('Empty authResult');  // Something went wrong
            }

        }
    }

    function setSessionValue(key, value, callback) {
        $.post(
            'session.php',
            {
                xyzAction: 'set',
                xyzKey: key,
                xyzValue: value
            },
            function (result) {
                // Handle or verify the server response if necessary.

                if (result['status'] == undefined) {
                    alert('xyz status problem. Please email our IT department!');
                } else {
                    switch (result['status']) {
                        case 'Success':
                            callback();
                            break;
                        default:
                            alert('xyz unexpected status problem. 
                                Please email our IT department!');
                            console.log(result['status']);
                    }
                }
            }
        )
    }

    function callGoogleLogin() {
        gapi.client.load('plus', 'v1', loadProfile);
    }

    /**
     * Uses the JavaScript API to request the user's profile, which includes
     * their basic information. When the plus.profile.emails.read scope is
     * requested, the response will also include the user's primary email address
     * and any other email addresses that the user made public.
     */
    function loadProfile() {
        var request = gapi.client.plus.people.get({'userId': 'me'});
        request.execute(loadProfileCallback);
    }

    /**
     * Callback for the asynchronous request to the people.get method. The profile
     * and email are set to global variables. Triggers the user's basic profile
     * to display when called.
     */

    function loadProfileCallback(profile) {
        var emailAddress;

        // Filter the emails object to find the user's primary account, which might
        // not always be the first in the array. The filter() method supports IE9+.
        emailAddress = profile['emails'].filter(function (v) {
            return v.type === 'account'; // Filter out the primary email
        })[0].value; // get the email from the filtered results, should always be defined.
        var domain = emailAddress.replace(/.*@/, "");
        if ("xyz.com" == domain) {
            window.location.href = "google_login.php?xyzEmailAddress=" + emailAddress;
        } else {
            alert(emailAddress + ' is not a recognized xyz staff member email address.');
        }
    }
</script>
</body>
</html>

google_login.php

<?php
// This code is called from the javascript on the login screen only 
// AFTER Google authorization has succeeded

// Google_Client is as defined at
// https://github.com/google/google-api-php-client/blob/master/src/Google/Client.php

$googleClient = new Google_Client ();
$googleClient->setRedirectUri('postmessage');
$googleClient->authenticate($_SESSION['GoogleAuthorizationCode']);

解决方法:

需要在这里从左侧面板添加/启用API https://console.developers.google.com.
我添加的API是“google API”和“gmail API”.我试过,它对我有用.

标签：php,javascript,google-plus,google-oauth,google-api-php-client
来源： https://codeday.me/bug/20190708/1403379.html

本站声明： 1. iCode9 技术分享网（下文简称本站）提供的所有内容，仅供技术学习、探讨和分享；
2. 关于本站的所有留言、评论、转载及引用，纯属内容发起人的个人观点，与本站观点和立场无关；
3. 关于本站的所有言论和文字，纯属内容发起人的个人观点，与本站观点和立场无关；
4. 本站文章均是网友提供，不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属；如您发现该文章侵犯了您的权益，可联系我们第一时间进行删除；
5. 本站为非盈利性的个人网站，所有内容不会用来进行牟利，也不会利用任何形式的广告来间接获益，纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。