Php – google-api-php-client: Invalid client secret JSON file

google-api-php-clientoauthphp

Seems that the latest version of the google-api-php-client for PHP doesn't line up with the docs @ https://developers.google.com/drive/web/examples/php

Looking at the src code I'm seeing that it's looking for keys in the downloaded JSON that the setAuthConfigFile() method can't find: client_secret, installed, web, redirect_uris (others?) are not present in the downloaded JSON. Only private_key_id, private_key, client_email, client_id, and type are present.

The code and docs seem really disorganized and out of sync… wouldn't be the first for Google. Has anyone gotten OAuth working recently using that library?

Best Solution

There is a difference between a "service account" and a "web apllication" to make calls to the API. When you created a "service account" you will get the file described above, a JSON file with private_key, client_email, client_id etc.

When you create a web application you will be given a client_id, client_secret, redirect_uri etc.

I would suggest reading these pages to choose which key and login you need (on both pages you find examples to integrate it in PHP):

You can use the Google APIs Client Library for PHP to create web server applications that use OAuth 2.0 authorization to access Google APIs. OAuth 2.0 allows users to share specific data with an application while keeping their usernames, passwords, and other information private. For example, a web application can use OAuth 2.0 to obtain permission from users to store files in their Google Drives.

https://developers.google.com/api-client-library/php/auth/web-app

Typically, an application uses a service account when the application uses Google APIs to work with its own data rather than a user's data. For example, an application that uses Google Cloud Datastore for data persistence would use a service account to authenticate its calls to the Google Cloud Datastore API.

https://developers.google.com/api-client-library/php/auth/service-accounts

Related Solutions

Php – How to get the client IP address in PHP

Whatever you do, make sure not to trust data sent from the client. $_SERVER['REMOTE_ADDR'] contains the real IP address of the connecting party. That is the most reliable value you can find.

However, they can be behind a proxy server in which case the proxy may have set the $_SERVER['HTTP_X_FORWARDED_FOR'], but this value is easily spoofed. For example, it can be set by someone without a proxy, or the IP can be an internal IP from the LAN behind the proxy.

This means that if you are going to save the $_SERVER['HTTP_X_FORWARDED_FOR'], make sure you also save the $_SERVER['REMOTE_ADDR'] value. E.g. by saving both values in different fields in your database.

If you are going to save the IP to a database as a string, make sure you have space for at least 45 characters. IPv6 is here to stay and those addresses are larger than the older IPv4 addresses.

(Note that IPv6 usually uses 39 characters at most but there is also a special IPv6 notation for IPv4 addresses which in its full form can be up to 45 characters. So if you know what you are doing you can use 39 characters, but if you just want to set and forget it, use 45).

Php – Returning JSON from a PHP Script

While you're usually fine without it, you can and should set the Content-Type header:

<?php
$data = /** whatever you're serializing **/;
header('Content-Type: application/json; charset=utf-8');
echo json_encode($data);

If I'm not using a particular framework, I usually allow some request params to modify the output behavior. It can be useful, generally for quick troubleshooting, to not send a header, or sometimes print_r the data payload to eyeball it (though in most cases, it shouldn't be necessary).

Best Solution

Related Solutions

Php – How to get the client IP address in PHP

Php – Returning JSON from a PHP Script

Related Question