
library jwt

Google oAuth2 JWT Generator

raffie-rest/jwt

  • Sunday, April 5, 2015
  • by raffie.rest
  • PHP

The README.md

JWT

Google® oAuth2 JWT Generator Class

Introduction

This class is already hooked up in another proprietary Remote REST abstraction, but I aim to implement the Google oAuth2 service account auth method by virtue of this class in my Adapter project also.

For the moment, you might be able to incorporate it in your own Remote REST abstraction.

It is intended for exactly that purpose: for those who find the PHP Google client libraries too bloated, but have a hard time figuring out how to generate a JWT and negotiate for a token whilst dodging cryptic bad_request / invalid_grant responses. Mostly these are due to the system clock being out of sync with NTP, but this class accounts for this.

Generating a JWT

Feed it a config array, like so:

$jwtConfig = [
  'key'    => [
    'pass'  => 'notasecret',
    // Converted from the .p12 off of the Developer console
    'path'  => 'file://' . storage_path() . '/certs/google.pem'
  ],
  'header'  => [
    'alg'  => 'RS256',
    'typ'  => 'JWT'
  ],
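  'claim_set' => [
    'iss'     => '',  // service account e-mail address (not the ID)
    'scope'   => 'https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/prediction',
    'aud'     => 'https://www.googleapis.com/oauth2/v3/token',
    // Relative expiry; Google accepts at most one hour after the issue time
    'exp'     => '+30 minutes',
    // E-mail of the user to act on behalf of when using delegated access
    'sub'     => ''
  ]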
];

$generator = new Generator($jwtConfig);

$returnedJwt = $generator->generate();

Make sure that the relevant APIs are enabled and that the user has read/write access.

Negotiate for an access token

The JWT can be used to negotiate an access token, as in the pseudocode below:

POST https://www.googleapis.com/oauth2/v3/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

grant_type=urlencode(JWT::$grant_type)&assertion=urlencode($returnedJwt)

In the case of Google oAuth2, the grant_type is virtually always urn:ietf:params:oauth:grant-type:jwt-bearer.
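What an RS256-signed assertion and the form body for the request above consist of, as an added example (not the package's own code). The helper names b64url and buildAssertion, the placeholder service account e-mail and the throwaway key are assumptions; the scalar type hints need PHP 7 or later.

```php
<?php
// Added example; helper names are hypothetical, not the package's API.

/** Base64url without padding, as JWT segments require (RFC 7515). */
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

/** Build and RS256-sign an assertion. $now is a Unix timestamp (always UTC). */
function buildAssertion(array $claims, $privateKey, int $now, int $ttl = 1800): string
{
    // Google documents a maximum assertion lifetime of one hour.
    if ($ttl <= 0 || $ttl > 3600) {
        throw new InvalidArgumentException('lifetime must be 1..3600 seconds');
    }
    $claims += ['iat' => $now, 'exp' => $now + $ttl];
    $input = b64url(json_encode(['alg' => 'RS256', 'typ' => 'JWT'])) . '.'
           . b64url(json_encode($claims, JSON_UNESCAPED_SLASHES));
    if (!openssl_sign($input, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    return $input . '.' . b64url($signature);
}

// Constructed input: a throwaway key stands in for the converted google.pem.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$jwt = buildAssertion([
    'iss'   => 'svc@example-project.iam.gserviceaccount.com', // placeholder e-mail
    'scope' => 'https://www.googleapis.com/auth/calendar',
    'aud'   => 'https://www.googleapis.com/oauth2/v3/token',
], $key, time()); // time() does not depend on date.timezone

// Verify with the public half, as a verifier holding the public key would.
list($h, $c, $s) = explode('.', $jwt);
$pub = openssl_pkey_get_details($key)['key'];
$ok  = openssl_verify("$h.$c", base64_decode(strtr($s, '-_', '+/')), $pub, OPENSSL_ALGO_SHA256) === 1;

// Form body for the token request; http_build_query() does the URL-encoding.
$body = http_build_query([
    'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    'assertion'  => $jwt,
]);
echo $ok ? "signature ok\n" : "signature INVALID\n", $body, "\n";
```

Because iat and exp are taken from the local clock, a host that has drifted from NTP produces assertions the endpoint treats as not yet valid or already expired, whatever the time zone setting.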

If stuff goes wrong

The class is aimed at preventing the cryptic bad_request stuff by converting your time to UTC, but always make sure your system time is in sync with NTP and that you use your service account e-mail address (not your ID).

If all is well...

If everything goes well, you get something like this, which you can cache for further use:

{
  "access_token" : "1/8xbJqaOZXSUZbHLl5EOtu1pxz3fmmetKx9W8CV4t79M",
  "token_type" : "Bearer",
  "expires_in" : 3600
}

After the access token has expired, you can simply rebuild the JWT and request a new access token.

Authenticate with the access token

Put this header on each Google API request:

GET https://www.googleapis.com/calendar/v3/users/me/calendarlist HTTP/1.1
Authorization: Bearer 1/8xbJqaOZXSUZbHLl5EOtu1pxz3fmmetKx9W8CV4t79M

The Versions

05/04 2015

dev-master

9999999-dev https://github.com/raffie-rest

MIT

The Requires

  • php >=5.5.0

 

by Raffie REST