Re: Google PHP Client API and OAuth 2.0: server-to-server authentication
1,057 views
Skip to first unread message
Chirag Shah
Mar 26, 2012, 12:38:29 PM3/26/12
to google-api...@googlegroups.com
Hey Reece,
I'm happy to announce that the Google API PHP Client now supports service accounts on trunk!
The implementation hasn't been released yet, so you'll need to checkout the latest version of the PHP client by visiting:
I've prepared a sample application that demonstrates how you can use service accounts to hit the Google Prediction API.
To view the example, take a peek at examples/prediction/serviceAccount.php or visit:
If you happen to find a bug, please let us know by filing a bug here:
Thank you!
Chirag Shah
On Mon, Mar 26, 2012 at 9:36 AM, Reece Karbowski <reece.k...@gmail.com> wrote:
I'm trying to make a server application to routinely pull Google Analytics data from my own GA account. Note, it is a personal, server-side application accessing my own data, i.e. there is no end-user accessing this application.
As such, I registered my application in the Google API Console as a Service Application, which gave me a Client ID and a Private Key. It is my understanding that Service Applications do NOT use Application Secret and Redirect URL as there is no end-user in this server-to-server authentication flow. Indeed, the Google API Console gave me no Secret and did not prompt me for a Redirect URL.
Unfortunately, I can not figure out how to authenticate my Service Application within Google's PHP Client API. While there is extensive documentation on authenticating web applications with an end-user, there doesn't seem to be anything explaining service apps without and end-user.
Google's documentation suggests it is possible to authenticate server-to-server by signing a JWT request with the private key. I just can't figure out how to do within the PHP client API (although I've browsed the source and there's definitely a script that signs a request with the private key.)
Am I missing something here? How can I perform authentication for a Service Application with my private key and the Google PHP client API?
Thanks, all!
Also posted on StackOverflow
Eric Haskins
Mar 27, 2012, 11:21:30 AM3/27/12
to google-api-php-client
Reece,
There is also an example using the JWT on http://groups.google.com/group/adsense-api
under a post I made.
Eric Haskins
There is also an example using the JWT on http://groups.google.com/group/adsense-api
under a post I made.
Eric Haskins
Alessandro
Apr 9, 2012, 9:02:06 AM4/9/12
to google-api...@googlegroups.com
Hey Chirag,
I'm totally new to Google APIs and oAuth2, so sorry if there are misunderstandings.
Hope you can help me.
I tryed to run an access to Google API fo shopping (with source gan:xxx) that needs authorization. (oAuth2).
I checked out rev412 from trunk of Google PHP client for API
I'm using prediction/serviceAccount.php example (with service changed to shopping API as in shopping/simple.php)
on my local developer server:
php 5.2.17 on Apache 2.0 on windows 7
I have problems to make all work
1. Not sure what to use for SERVICE_ACCOUNT_NAME (in API Access console there are this IDs: CLIENT ID, Emal access, and also Product Name, Google Account)
2. I have error
Warning: openssl_sign() expects parameter 4 to be long, string given in ....src\auth\apiP12Signer.php on line 60
(as on php manual, where there seems to be no support for sha256 algo)
Trying to use default algo takes me to this problem 3:
3. Uncaught exception 'apiAuthException' with message 'Error refreshing the OAuth2 token, message: '{ "error" : "invalid_grant" }'' in .....src\auth\apiOAuth2.php:276 Stack trace: #0 .....\src\auth\apiOAuth2.php(253): apiOAuth2->refreshTokenRequest(Array) #1 ...\src\auth\apiOAuth2.php(206): apiOAuth2->refreshTokenWithAssertion() #2 .....\src\service\apiServiceResource.php(167): apiOAuth2->sign(Object(apiHttpRequest)) #3 .....\src\contrib\apiShoppingService.php(91): apiServiceResource->__call('list', Array) #4 ...... in ......\src\auth\apiOAuth2.php on line 276
Please help!
Follows my full php code.
Thank You so much,
Alessandro
_____________________________________________php code_____________________________
require_once '....../src/apiClient.php';
require_once '....../src/contrib/apiShoppingService.php';
define('KEY_FILE', 'my key file );
define('SERVICE_ACCOUNT_NAME', '???');
define('CLIENT_ID', 'my client ID');
$client = new apiClient();
$client->setApplicationName("Google Shopping Sample");
session_start();
if (isset($_SESSION['token'])) {
$client->setAccessToken($_SESSION['token']);
}
$key = file_get_contents(KEY_FILE);
$client->setAssertionCredentials(new apiAssertionCredentials(
SERVICE_ACCOUNT_NAME,
array('https://www.googleapis.com/auth/structuredcontent'),
$key)
);
$client->setClientId(CLIENT_ID);
// Visit https://code.google.com/apis/console?api=shopping to generate your
// Simple API Key.
$client->setDeveloperKey('my developer key');
$service = new apiShoppingService($client);
$source = "gan:xxxxxxx";
// For more information about full text search with the shopping API, please
// see http://code.google.com/apis/shopping/search/v1/getting_started.html#text-search
$query = "\"mp3 player\" | ipod";
$ranking = "relevancy";
$results = $service->products->listProducts($source, array(
"country" => "US",
"q" => $query,
"rankBy" => $ranking,
));
print "<h1>Shopping Results</h1><pre>" . print_r($results, true) . "</pre>";
// We're not done yet. Remember to update the cached access token.
// Remember to replace $_SESSION with a real database or memcached.
if ($client->getAccessToken()) {
$_SESSION['token'] = $client->getAccessToken();
I'm totally new to Google APIs and oAuth2, so sorry if there are misunderstandings.
Hope you can help me.
I tryed to run an access to Google API fo shopping (with source gan:xxx) that needs authorization. (oAuth2).
I checked out rev412 from trunk of Google PHP client for API
I'm using prediction/serviceAccount.php example (with service changed to shopping API as in shopping/simple.php)
on my local developer server:
php 5.2.17 on Apache 2.0 on windows 7
I have problems to make all work
1. Not sure what to use for SERVICE_ACCOUNT_NAME (in API Access console there are this IDs: CLIENT ID, Emal access, and also Product Name, Google Account)
2. I have error
Warning: openssl_sign() expects parameter 4 to be long, string given in ....src\auth\apiP12Signer.php on line 60
(as on php manual, where there seems to be no support for sha256 algo)
Trying to use default algo takes me to this problem 3:
3. Uncaught exception 'apiAuthException' with message 'Error refreshing the OAuth2 token, message: '{ "error" : "invalid_grant" }'' in .....src\auth\apiOAuth2.php:276 Stack trace: #0 .....\src\auth\apiOAuth2.php(253): apiOAuth2->refreshTokenRequest(Array) #1 ...\src\auth\apiOAuth2.php(206): apiOAuth2->refreshTokenWithAssertion() #2 .....\src\service\apiServiceResource.php(167): apiOAuth2->sign(Object(apiHttpRequest)) #3 .....\src\contrib\apiShoppingService.php(91): apiServiceResource->__call('list', Array) #4 ...... in ......\src\auth\apiOAuth2.php on line 276
Please help!
Follows my full php code.
Thank You so much,
Alessandro
_____________________________________________php code_____________________________
require_once '....../src/apiClient.php';
require_once '....../src/contrib/apiShoppingService.php';
define('KEY_FILE', 'my key file );
define('SERVICE_ACCOUNT_NAME', '???');
define('CLIENT_ID', 'my client ID');
$client = new apiClient();
$client->setApplicationName("Google Shopping Sample");
session_start();
if (isset($_SESSION['token'])) {
$client->setAccessToken($_SESSION['token']);
}
$key = file_get_contents(KEY_FILE);
$client->setAssertionCredentials(new apiAssertionCredentials(
SERVICE_ACCOUNT_NAME,
array('https://www.googleapis.com/auth/structuredcontent'),
$key)
);
$client->setClientId(CLIENT_ID);
// Visit https://code.google.com/apis/console?api=shopping to generate your
// Simple API Key.
$client->setDeveloperKey('my developer key');
$service = new apiShoppingService($client);
$source = "gan:xxxxxxx";
// For more information about full text search with the shopping API, please
// see http://code.google.com/apis/shopping/search/v1/getting_started.html#text-search
$query = "\"mp3 player\" | ipod";
$ranking = "relevancy";
$results = $service->products->listProducts($source, array(
"country" => "US",
"q" => $query,
"rankBy" => $ranking,
));
print "<h1>Shopping Results</h1><pre>" . print_r($results, true) . "</pre>";
// We're not done yet. Remember to update the cached access token.
// Remember to replace $_SESSION with a real database or memcached.
if ($client->getAccessToken()) {
$_SESSION['token'] = $client->getAccessToken();
Cynthia
May 4, 2012, 4:51:30 AM5/4/12
to google-api...@googlegroups.com
Hi,
does that mean you were able to get it working with a service acocunt and Analytics? I ask because I have not been able to, and was reminded that service accounts aren't released for Analytics yet - so if that's not true I'm definitely interested in confirmation!
https://groups.google.com/group/google-api-php-client/browse_thread/thread/bd9cac6d6fd78224
http://www.google.com/url?sa=D&q=http://googledevelopers.blogspot.co.uk/2012/03/service-accounts-have-arrived.html&usg=AFQjCNGWvjxamIFOywLDYOBBxRskKi3o4A
Am Montag, 26. März 2012 18:40:34 UTC+2 schrieb Reece Karbowski:
does that mean you were able to get it working with a service acocunt and Analytics? I ask because I have not been able to, and was reminded that service accounts aren't released for Analytics yet - so if that's not true I'm definitely interested in confirmation!
https://groups.google.com/group/google-api-php-client/browse_thread/thread/bd9cac6d6fd78224
http://www.google.com/url?sa=D&q=http://googledevelopers.blogspot.co.uk/2012/03/service-accounts-have-arrived.html&usg=AFQjCNGWvjxamIFOywLDYOBBxRskKi3o4A
Am Montag, 26. März 2012 18:40:34 UTC+2 schrieb Reece Karbowski:
You're a lifesaver. Thanks a million!
On Monday, March 26, 2012 12:38:29 PM UTC-4, Chirag Shah wrote:
Hey Reece,I'm happy to announce that the Google API PHP Client now supports service accounts on trunk!The implementation hasn't been released yet, so you'll need to checkout the latest version of the PHP client by visiting:I've prepared a sample application that demonstrates how you can use service accounts to hit the Google Prediction API.To view the example, take a peek at examples/prediction/serviceAccount.php or visit:If you happen to find a bug, please let us know by filing a bug here:Thank you!Chirag Shah
Thomas Goeminne
May 25, 2012, 7:42:07 AM5/25/12
to google-api...@googlegroups.com
Hi,
Op dinsdag 27 maart 2012 00:36:01 UTC+8 schreef Reece Karbowski het volgende:
I checked out the latest svn and I am trying to use it but I get the error:
Fatal error: Call to undefined method apiOAuth2::setAssertionCredentials() in /home/dabombsh/public_html/googleapi/src/apiClient.php on line 317
public function setAssertionCredentials(apiAssertionCredentials $creds) {
-> self::$auth->setAssertionCredentials($creds);
}
What could be the problem here? How can I solve it? I am using php 5.2.17
Greets,
Thomas
Thomas
Op dinsdag 27 maart 2012 00:36:01 UTC+8 schreef Reece Karbowski het volgende:
Reply all
Reply to author
Forward
Message has been deleted
Message has been deleted
0 new messages