Hi,
I was previously using google-api-php-client-services to verify a JWT Oauth2 token that comes in my backend php server after I sign in with my google account (frontend is javascript)
The code is rather simple:
// verify validity of token
$client = new Google_Client(['client_id' => 'xyz', 'hd' => 'example.com']);
$payload = $client->verifyIdToken($token_is_here);
if(!$payload)
return false;
I would like to know if I could perform the same operation using one of GCP packages.
I'm asking this because someone in charge closed the issue #74 that was open in the other repository. It was about a request for the API to be split into smaller packages. Is GCP what I'm looking for?
Thanks!
I would like to know if I could perform the same operation using one of GCP packages.
Yes, I believe you can. There is an OAuth workflow included in the auth package which we rely on. To mimic your snippet, it looks like you will need to do something like the following:
use Google\Auth\OAuth2;
$publicKey = file_get_contents('/data/public.pem');
$oauth = new OAuth2([
'clientId' => 'xyz',
'additionalClaims' => [
'hd' => 'example.com'
]
]);
$oauth->setIdToken($token_is_here);
try {
$payload = $oauth->verifyIdToken(
$publicKey,
['RS256'] // A list of allowed algorithms
);
} catch (\DomainException $ex) {
// handle exception
}
if (!$payload) {
return false;
}
It was about a request for the API to be split into smaller packages. Is GCP what I'm looking for?
Yes it is :). We use this repository to host development and then split our sub-components out into separate packages which can be installed on their own.
Hello,
Thanks for the reply, I am in fact using the same auth package you mentioned (because google/apiclient has it as a dependency)
The problem I have with your proposed solution is I have to compile the .pem file from https://www.googleapis.com/oauth2/v3/certs myself in order to verify the validity of the id_token.
This functionality is already available here: https://github.com/google/google-api-php-client/blob/master/src/Google/AccessToken/Verify.php
I would really not like to reinvent the wheel and write all that code myself because I don't know enough of cryptography to implement it properly.
So, to reiterate, right now I have installed the google/apiclient package (which I need) also installs google/auth (which you proposed) but also installs google/apiclient-services (which I do not want because its useless and huge)
I was hoping one of the GCP packages would help in this regard but I think GCP has nothing to do with authentication and is in fact just splitting the numerous google APIs into subpackages.
/cc @bshaffer, do you think it would make sense to port the Verify class over to the auth package?
Hello,
I found a temporary solution to my issue with regard to the "useless" dependency.
I can just add this lines in composer.json file:
"replace": {
"google/apiclient-services": "self.version"
},
So that the package won't get downloaded anymore. It assumes I already have it 馃槃
And as an added bonus, skipping that package also updates my google/apiclient and google/auth packages to the latest versions (they were set back because of that dependency)
It would however be really nice if the Verify class could be ported to the google/auth package. Then I could just only require that and be done with it.
Thanks!
Closing this out in favor of a feature request on the auth library: https://github.com/googleapis/google-auth-library-php/issues/215