Help decoding gtoken using PHP

[KrimblKrum]

I've followed instructions for setting my website up to use Google Identity Toolkit.  I've even followed the flow from clicking the sign in button to receiving the "gtoken" cookie.  However, I'm having trouble trying to converting the gtoken to an object that i can use in my PHP code.  The documentation says the token is a cryptographically-signed JSON object encoded in base 64.  So I've written the following code to decode from base 64, and then decode from JSON.  Decoding from base 64 is successful, and I verified that the JSON looks as I would expect; compared to output using https://py-jwt-decoder.appspot.com/.  However, the when I attempt to decode the JSON, the result is null.  Could someone explain the best way to deserialize the token into something I can use in my PHP code?

require_once __DIR__.'\\includes\\JWT.php';

$gtoken = $_COOKIE["gtoken"];

$token = JWT::urlsafeB64Decode($gtoken);

print("<div>jwt token: '".$token."'</div>"); // The expected JSON is displayed.

$payload = json_decode($token, true);

if ($payload == null){ // This results in a true condition.

print("<div>jwt test: NULL</div>");

} else {

print("<div>jwt test: '".var_dump($payload)."'</div>");

}

[Derek Salama]

Is there some reason you can't use the PHP library we provide? The GitkitClient.validateTokenInRequest() method will return a PHP object.

[KrimblKrum]

Thanks.  I found the GitkitClient, and also the GoogleClient; not sure if there's a difference.  I guess I don't understand enough about those.  It looked like I needed an authorization token to be able to use the client.  I'm not sure how to get that.  I'll look over the examples again and see how I might integrate an example into my code.

[KrimblKrum]

I got the Identity Toolkit PHP Client (https://github.com/google/identity-toolkit-php-client).  However, it looks like it lacks the autoloader.php file that the readme file suggests using.  If I try to require the GitkitClient.php file itself, I still get a "Class 'Google_Auth_OAuth2' not found"; which doesn't appear in any of the files I got from GitHub.  Is there something more I should have done for setup?

[Derek Salama]

The autoloader.php file is generated by Composer, which we used for dependency management. You may want to take a look at our PHP quickstart guide. In particular, section 3 describes setup with Composer.

[KrimblKrum]

That article was exactly what I needed!  Apparently I was following the wrong step-by-step guide; Toolkit Documentation: Overview.  Thanks!

By following that article, I was able

For what it's worth, my code looks a lot like the