Google-api-php-client: Error 403 after login

Created on 25 Sep 2018  ·  9Comments  ·  Source: googleapis/google-api-php-client

I'm using the 'profile' has scope but when i loggin the url contains :
"code=...&scope=https://www.googleapis.com/auth/userinfo.profile"

https://www.googleapis.com/auth/userinfo.profile is outdated (i read in docs) , because of this scope the page gives a error 403 Forbidden page acess. If i remove the 'scope=https://www.googleapis.com/auth/userinfo.profile" part on URL everythings seems ok.

Thanks

question
Source
picture 4youplay
👍1

All 9 comments

I'm having a hard time understanding what issue you experiencing. Could you attach a snippet of code that is not working and explain what behavior you are expecting to see.

mattwhisenhunt picture mattwhisenhunt on 26 Sep 2018

2018-09-26 10_44_18-loadingpix

If i remove the scope parameter the login and redirect happens with success.

$client = new Google_Client();
$client->setClientId($client_id);
$client->setClientSecret($client_secret);
$client->setRedirectUri($redirect_uri);
$client->addScope("profile");

$service = new Google_Service_Oauth2($client);

/************************************************
  If we have a code back from the OAuth 2.0 flow,
  we need to exchange that with the authenticate()
  function. We store the resultant access token
  bundle in the session, and redirect to ourself.
*/

if (isset($_GET['code'])) {
  $client->authenticate($_GET['code']);
  $_SESSION['access_token'] = $client->getAccessToken();
  header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL));
  return;
}

/************************************************
  If we have an access token, we can make
  requests, else we generate an authentication URL.
 ************************************************/
if (isset($_SESSION['access_token']) && $_SESSION['access_token']) {
  $client->setAccessToken($_SESSION['access_token']);
} else {
  $authUrl = $client->createAuthUrl();
}
4youplay picture 4youplay on 26 Sep 2018

Check out the latest version of this example in this repo.

Please let me know where you got that older version from and I will try to update it. Thanks

mattwhisenhunt picture mattwhisenhunt on 27 Sep 2018

Thanks Matt, but i already used the newest version (install via composer and directly), same results.
I used the example idtoken.php in this repo, but gives me every time 403 Forbidden, the 'profile' scope isnt working.

4youplay picture 4youplay on 27 Sep 2018
👍1

I seem to have avoided answering your question directly, sorry about that, that was unintentional. You are right about the scope, it looks like you want 'email'. I would double check your script against the version I linked and make sure there aren't any other changes you need to make.

mattwhisenhunt picture mattwhisenhunt on 27 Sep 2018

Let me know if you have any other questions.

mattwhisenhunt picture mattwhisenhunt on 10 Oct 2018

4youplay
Have you find answer ? I am facing same problem.

sharmasandeep410 picture sharmasandeep410 on 26 Dec 2018

If your public application uses scopes that permit access to certain user
data, it must pass review. If you see *unverified app *on the screen when
testing your application, you must submit a verification request to remove
it. Find out more about unverified apps
https://support.google.com/cloud/answer/7454865 in the Help Center.

I had to go through verification too, just to use "scope" => "profile email"

ps: the reason of 403 is stated in the error itself

s pozdravem,

Filip Oščádal
https://fredbrooker.gscloud.cz https://fredbrooker.gscloud.cz

On Wed, Dec 26, 2018 at 7:34 PM sharmasandeep410 notifications@github.com
wrote:

4youplay
Have you find answer ? I am facing same problem.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/googleapis/google-api-php-client/issues/1527#issuecomment-450006201,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAEmXrkUmD0Ot_0bk7XSxS-KwZtD6-DUks5u88E3gaJpZM4W5BqD
.

mxdpeep picture mxdpeep on 27 Dec 2018
1

If your public application uses scopes that permit access to certain user data, it must pass review. If you see unverified app *on the screen when testing your application, you must submit a verification request to remove it. Find out more about unverified apps https://support.google.com/cloud/answer/7454865 in the Help Center. I had to go through verification too, just to use "scope" => "profile email" ps: the reason of 403 is stated in the error itself s pozdravem, *Filip Oščádal https://fredbrooker.gscloud.cz https://fredbrooker.gscloud.cz

On Wed, Dec 26, 2018 at 7:34 PM sharmasandeep410 @.*> wrote: 4youplay Have you find answer ? I am facing same problem. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#1527 (comment)>, or mute the thread https://github.com/notifications/unsubscribe-auth/AAEmXrkUmD0Ot_0bk7XSxS-KwZtD6-DUks5u88E3gaJpZM4W5BqD .

I also thought so: using profile scope will need my app to be verified by Google. But I don't see any details in the error, just the 403 error.

msrumon picture msrumon on 1 May 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

usamamashkoor picture usamamashkoor  ·  5Comments
AlexandreGerault picture AlexandreGerault  ·  5Comments
cmcfadden picture cmcfadden  ·  5Comments
bencromwell picture bencromwell  ·  3Comments
unixkapl picture unixkapl  ·  3Comments