9
votes

I am trying to add Google+ auth for a WordPress site. What I want: after auth in Google+, if the user is not registered on the site, I redirect him to a page where he enters his username; if the user is already registered, he will be logged in. Here is my JS code:

function doGooglePlusLogin(authResult) {
    if (authResult['code']) {
        jQuery('#signinButton').attr('style', 'display: none');
        jQuery.ajax({
            url: '<?php echo site_url(); ?>/wp-admin/admin-ajax.php',
            type: 'get',
            dataType: 'json',
            data: {
                action: 'login_gplus',
                code: authResult['code']
            },
            success: function(result) {
            },
        });
    } else if (authResult['error']) {
    }
}

Here is my PHP code:

function login_gplus() {
    $response = array();

    if (isset($_GET['code']) && !empty($_GET['code'])) {
        @session_start();
        $client = new Google_Client();
        $client->setApplicationName('Test');
        $client->setAccessType('offline');
        $client->setClientId(get_option(SOCIAL_GPLUS_CLIENT_ID));
        $client->setClientSecret(get_option(SOCIAL_GPLUS_CLIENT_SECRET));
        $client->setDeveloperKey(get_option(SOCIAL_GPLUS_API_KEY));
        $client->setRedirectUri(get_option(SOCIAL_GPLUS_REDIRECT_URIS));
        $client->setApprovalPrompt('auto');

        $code = $_GET['code'];
        $client->authenticate($code);

        $token = json_decode($client->getAccessToken());
        $reqUrl = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=' . $token->access_token;
        $req = new Google_HttpRequest($reqUrl);

        $tokenInfo = json_decode(
                $client->getIo()
                        ->authenticatedRequest($req)
                        ->getResponseBody());

        if ($tokenInfo->error) {
            $response['test'] = $tokenInfo->error;
            send_json_response($response);
            die();
        }
        if ($tokenInfo->audience != get_option(SOCIAL_GPLUS_CLIENT_ID)) {
            $response['test'] = "Token's client ID does not match app's.";
            send_json_response($response);
            die();
        }
        $response['test'] = 'Succesfully connected with token: ' . print_r($token, true);
    }
    send_json_response($response);
    die();
}

The user is successfully authorized in Google+, but in PHP I get this:

Fatal error: Uncaught exception 'Google_AuthException' with message 'Error fetching OAuth2 access token, message: 'redirect_uri_mismatch'' in /var/www/html/v4/wp-content/plugins/social/google-plus/google-api/auth/Google_OAuth2.php:113
Stack trace:
#0 /var/www/html/v4/wp-content/plugins/social/google-plus/google-api/Google_Client.php(131): Google_OAuth2->authenticate(Array, '4/ScmpTqEIWt0SJ...')
#1 /var/www/html/v4/wp-content/plugins/social/google-plus/functions.php(35): Google_Client->authenticate('4/ScmpTqEIWt0SJ...')
#2 [internal function]: login_gplus('')
#3 /var/www/html/v4/wp-includes/plugin.php(406): call_user_func_array('login_gplus', Array)
#4 /var/www/html/v4/wp-admin/admin-ajax.php(74): do_action('wp_ajax_nopriv_...')
#5 {main}
  thrown in /var/www/html/v4/wp-content/plugins/social/google-plus/google-api/auth/Google_OAuth2.php on line 113

In App Settings, Redirect URIs is specified as http://example.com/wp-admin/admin-ajax.php. What am I doing wrong?

EDIT:

Google+ Sign-In button definition:

<span id="signinButton">
  <span class="g-signin"
   data-callback="doGooglePlusLogin"
   data-clientid="<?php echo $this->gplus_client_id; ?>"
   data-cookiepolicy="single_host_origin" data-accesstype="offline"
   data-requestvisibleactions="http://schemas.google.com/AddActivity"
   data-scope="https://www.googleapis.com/auth/plus.login">
  </span>
</span>

SOCIAL_GPLUS_REDIRECT_URIS is example.com/wp-admin/admin-ajax.php?action=login_gplus

1
Are you using the Google+ Sign-In button or are you triggering the flow yourself? Please post your front-end code that shows how this flow is being triggered. We need to see the configuration parameters that are being passed to Google (hide your client ID). Also, we need to see on your PHP side of things what values are present for your SOCIAL_GPLUS_REDIRECT_URIS. - BrettJ
I am using Google+ Sign-in button. <span id="signinButton"> <span class="g-signin" data-callback="doGooglePlusLogin" data-clientid="<?php echo $this->gplus_client_id; ?>" data-cookiepolicy="single_host_origin" data-accesstype="offline" data-requestvisibleactions="http://schemas.google.com/AddActivity" data-scope="https://www.googleapis.com/auth/plus.login"> </span> </span> - Peter

1 Answer

22
votes

Your code is basically right, but there's a slight quirk which I can see is not documented very well! You have to set your redirectURI to postmessage rather than the URL you're using.

$client->setRedirectUri('postmessage');

This is so it matches with the URI set for the token during the JavaScript exchange from the button. Take a look at the sample code at: https://github.com/googleplus/gplus-quickstart-php/blob/master/signin.php to see it in action. I'll make sure we add a note to the documentation.
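
The check behind the redirect_uri_mismatch error above, as an added example that is not part of the original post or of Google's code: a simplified model of an OAuth 2.0 token endpoint that binds each authorization code to the redirect_uri used when it was issued. The class, function names and sample values are hypothetical and constructed for illustration.

```javascript
// Simplified model of the check an OAuth 2.0 token endpoint performs
// (RFC 6749, section 4.1.3). Hypothetical names; not Google's code.
class AuthServer {
  constructor() {
    this.codes = new Map(); // code -> { clientId, redirectUri }
    this.seq = 0;
  }

  // Authorization step: the code is bound to the redirect_uri in use.
  // The Google+ Sign-In button flow uses the literal value 'postmessage'.
  issueCode(clientId, redirectUri) {
    const code = 'constructed-code-' + (++this.seq); // real codes are random
    this.codes.set(code, { clientId, redirectUri });
    return code;
  }

  // Token step: the server-side exchange must present the same redirect_uri.
  exchange(code, clientId, redirectUri) {
    const grant = this.codes.get(code);
    if (!grant || grant.clientId !== clientId) {
      return { error: 'invalid_grant' };
    }
    if (grant.redirectUri !== redirectUri) {
      return { error: 'redirect_uri_mismatch' };
    }
    this.codes.delete(code); // codes are single use
    return { access_token: 'constructed-token-for-' + clientId };
  }
}

function demo() {
  const server = new AuthServer();
  const clientId = 'constructed-client-id';
  const code = server.issueCode(clientId, 'postmessage');

  // What the question's PHP did: exchange with the admin-ajax URL.
  const wrong = server.exchange(
    code, clientId, 'http://example.com/wp-admin/admin-ajax.php');
  // What the answer recommends: setRedirectUri('postmessage').
  const right = server.exchange(code, clientId, 'postmessage');
  // Replaying the same code after a successful exchange is refused.
  const replay = server.exchange(code, clientId, 'postmessage');
  return { wrong, right, replay };
}

console.log(demo());
```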