我已经在简化的身份流程中实现了帐户链接(https://developers.google.com/actions/identity/oauth2-assertion-flow)
// Get the jwt token from the request
$token = $this->jwt->parse($body['assertion']);
if (null === Client::where('id', $body['client_id'])->where('secret', $body['client_secret'])->first()
&& (false === $this->verifySignature($token) || false === $this->validateData($token))
) {
return response()->json(
[
'error' => 'invalid_grant',
],
Http::UNAUTHORIZED
);
}
$sub = $token->getClaim('sub');
$email = $token->getClaim('email');
$scopes = explode(' ', $body['scope']);
// Check if the user exists in the database or not
$userId = User::findIdByGoogleIds($email, $sub);
\Log::debug($userId);
// If user doesn't exists and intent is get, ask google to send you the create intent with all user info.
if (null === $userId && 'get' === $body['intent']) {
\Log::debug('user not found, ask for a create request');
return response()->json(
[
'error' => 'user_not_found',
],
Http::UNAUTHORIZED
);
// If user doesn't exist and we are in intent create, let's create this user in our database.
} elseif (null === $userId && 'create' === $body['intent']) {
\Log::debug('user not found, create it');
// If user exists bug don't have the google profile associated.
if (null === ($user = User::findByMail($email))) {
$user = new User();
$user->password = Hash::make(str_random(8));
$user->email = $email;
$user->name = $token->getClaim('name');
$user->save();
//Generate a token for the user
static::generateToken($user, $scopes);
}
// Asssociate google profile that user
$profile = new GoogleProfile();
$profile->google_id = $sub;
$user->googleProfiles()->save($profile);
} elseif (null !== $userId) {
\Log::debug('google profile already existing');
$user = User::find($userId->id);
}
JWT 令牌包含这些信息:
{
"sub": 1234567890, // The unique ID of the user's Google Account
"iss": "https://accounts.google.com", // The assertion's issuer
"aud": "123-abc.apps.googleusercontent.com", // Your server's client ID
"iat": 233366400, // Unix timestamp of the assertion's creation time
"exp": 233370000, // Unix timestamp of the assertion's expiration time
"name": "Jan Jansen",
"given_name": "Jan",
"family_name": "Jansen",
"email": "jan@gmail.com", // If present, the user's email address
"locale": "en_US"
}
我需要获取用户在他的谷歌个人资料中填写的电话号码(如果有的话)。
所以我想使用google + api,所以我正在尝试这个:
$client = new \Google_Client();
$client->setClientId('my_client_id');
$client->setClientSecret('my_client_secret');
$client->setAccessToken($token->getPayload());
$plus = new Google_Service_Plus($client);
$test = $plus->people->get($sub);
client_id 和 secret 已在https://console.developers.google.com上创建
回应是:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
{"exception":"[object] (Google_Service_Exception(code: 401): {
\"error\": {
\"errors\": [
{
\"domain\": \"global\",
\"reason\": \"authError\",
\"message\": \"Invalid Credentials\",
\"locationType\": \"header\",
\"location\": \"Authorization\"
}
],
\"code\": 401,
\"message\": \"Invalid Credentials\"
}
}
因此,据我了解,帐户链接是 OAuth 身份验证,因此它应该向我发送一个有效的令牌访问权限,我可以将其与 google api 一起使用。但它告诉我这个令牌是无效的。
我错过了什么或者我没有以好的方式做到这一点?我是否必须再次执行特定于 google api 的新身份验证?