Automatically logging in to Google OAuth

I have a question about the OAuth 2.0 process. I would like to get something like Stack's "Log in with Google account" function.

I am using the PHP library from Google.

I normally get update token and access token.

So far, so good, my question is: when a user logs out of my website and presses a button again, how should I know who should extract the necessary update token from the database?

I was thinking about storing the email in a cookie, but StackOverflow doesn't seem to do it, since I cleared my cookies, but Stack keeps linking me when I click the button without displaying the Google "Scope" page.

Am I missing something? Is there an API that allows you to receive user email without a token? Maybe RefreshToken should only be used with Mobile APP, where do you know the user?

What I want to achieve is relatively simple, the user clicks on the entry, the first time I have to approve the application. After its completion, I would like to automatically connect the user when I click the login button.

Thanks for any info on this.

+6
4 answers

https://developers.google.com/accounts/docs/OAuth2Login describes how to achieve login using Google / OAuth2.

+2

When the user first presses the login button and enters the login information, OAuth returns all user data, including email address and Google ID. This way you can store the Google ID in your database along with the email. Also, when a user logs out and presses the login button again, OAuth retrieves the data again. This way you can check the Google ID obtained by OAuth against the Google ID that is present in your database.

+1

Choose this procedure if you would rather just upgrade your OAuth 2.0 login implementation (OpenID Connect).

Change endpoint: you can replace the userinfo endpoint with the people.get endpoint using the following HTTP request path: https://www.googleapis.com/plus/v1/people/me If you need the OpenID Connect format, replace the userinfo endpoint with the people.getOpenIdConnect endpoint using the following HTTP request path: https://www.googleapis.com/plus/v1/people/me/openIdConnect

Scope of change: if your application is currently using the https://www.googleapis.com/auth/userinfo.profile realm, you can switch to the profile realm. Your application receives the same profile information as before, so your users will not have to agree again.

Transfer how your application receives email addresses. If you use the userinfo endpoint to retrieve the user's email addresses, you can migrate how your application receives the email addresses.

https://developers.google.com/+/api/auth-migration#email

0

What you need to do is set up a persistent cookie with a unique identifier and create an entry in your database that associates this identifier with a registered user.

Obviously, the first time a user logs in to your site using OAuth, you need to create a user record in your database.

You also need to redirect the desired Google OAuth endpoint to receive a token for offline users, otherwise the token will expire and after some time it cannot be renewed automatically.

I wrote an article on exactly this, getting Google OAuth tokens for offline use and keeping them valid and renewable as long as you want. This article is about the class I wrote with all the code for this, including storing tokens in the database.

0
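An added example, not code from any of the answers or from Google's library: the account lookup the answers above describe, keyed on the Google ID (the `sub` claim of the ID token) together with a persistent cookie identifier mapped to the user. The table layout, function names and sample values are assumptions constructed for illustration, and `claims` is assumed to have been verified by your OAuth library before it reaches this code.

```python
import hashlib, secrets, sqlite3

def open_db():
    db = sqlite3.connect(":memory:")  # in-memory DB so the example runs offline
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, google_sub TEXT UNIQUE NOT NULL,
                            email TEXT, refresh_token TEXT);
        CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL);
    """)
    return db

def hash_token(token):
    # Only the hash is stored, so a leaked sessions table cannot be replayed as cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def login_from_google(db, claims, refresh_token=None):
    """claims: ID-token payload ALREADY verified by the OAuth library (assumption).
    Returns (user_id, cookie_value)."""
    # Key the account on the stable Google ID ("sub"); the e-mail address can change.
    row = db.execute("SELECT id FROM users WHERE google_sub = ?", (claims["sub"],)).fetchone()
    if row is None:
        user_id = db.execute(
            "INSERT INTO users (google_sub, email, refresh_token) VALUES (?, ?, ?)",
            (claims["sub"], claims.get("email"), refresh_token)).lastrowid
    else:
        user_id = row[0]
        # Google normally sends a refresh token only on the first consent,
        # so keep the stored one when this login did not bring a new one.
        db.execute("UPDATE users SET email = ?, refresh_token = COALESCE(?, refresh_token) "
                   "WHERE id = ?", (claims.get("email"), refresh_token, user_id))
    cookie = secrets.token_urlsafe(32)  # unguessable persistent-cookie value
    db.execute("INSERT INTO sessions (token_hash, user_id) VALUES (?, ?)",
               (hash_token(cookie), user_id))
    return user_id, cookie

def user_for_cookie(db, cookie):
    row = db.execute("SELECT user_id FROM sessions WHERE token_hash = ?",
                     (hash_token(cookie),)).fetchone()
    return row[0] if row else None

def logout(db, cookie):
    db.execute("DELETE FROM sessions WHERE token_hash = ?", (hash_token(cookie),))

if __name__ == "__main__":
    db = open_db()
    sample = {"sub": "110000000000000000001", "email": "alice@example.com"}  # constructed
    uid, cookie = login_from_google(db, sample, refresh_token="constructed-refresh-token")
    logout(db, cookie)
    print(login_from_google(db, sample)[0] == uid)  # same account on re-login
```

Send the cookie value with the `Secure` and `HttpOnly` attributes; the database only ever holds its hash.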
