Google OAuth: No refresh_token

1
votes

I am trying to use the google-api-php-client to upload videos to Youtube.

Since I need access to only one Youtube channel, not to many users channels, I have to authorize my app one time and store a refresh_token to achieve a not expiring access to the API.

The problem is that I don't get a refresh_token with the $client->getAccessToken()-call.
I only get the following values: token_type, expires_in, id_token, created

I created a "Client ID for web applications" using Google Console and use the following code:

<?php
$OAUTH2_CLIENT_ID = '<my client id>';
$OAUTH2_CLIENT_SECRET = '<my client secret>';

$client = new Google_Client();
$client->setApplicationName('<my app name>');
$client->setClientId($OAUTH2_CLIENT_ID);
$client->setClientSecret($OAUTH2_CLIENT_SECRET);
$client->setScopes('profile email https://www.googleapis.com/auth/youtube');
$client->setState('offline');
$redirect = filter_var('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'],
    FILTER_SANITIZE_URL);
$client->setRedirectUri($redirect);

// Define an object that will be used to make all API requests.
$youtube = new Google_Service_YouTube($client);

if(isset($_GET['code'])) {
    $client->authenticate($_GET['code']);
    $accessToken = $client->getAccessToken();
    var_dump($accessToken, json_decode($accessToken));
}
else {
    $aurl = $client->createAuthUrl();
    $aurl = str_replace('approval_prompt=auto', 'approval_prompt=force', $aurl);
    echo '<a href="'.$aurl.'">'.$aurl.'</a>';
}

As you can see I already use $client->setState('offline') and insert apprival_prompt=force in the authURL.

I also tried to revoke access in my Google account manager multiple times and created a new API project.

Thank you in advance for telling me what I'm doing wrong :)

1
google-oauthgoogle-api-php-client

1 Answers

0
votes

I think the problem is that $accessToken = $client->getAccessToken(); is a post. 

client->authenticate($_GET['code']);  
$_SESSION['token'] = $client->getAccessToken();
$redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));

It needs to be posted to Google. When it comes back you should have $_SESSION['token']

Full Untested Example:

<?php         
require_once 'Google/Client.php';     
require_once 'Google/Service/YouTube.php';       
session_start();      
$client = new Google_Client();
    $client->setApplicationName("Client_Library_Examples");
    $client->setDeveloperKey("{devkey}");  
    $client->setClientId('{clientid}.apps.googleusercontent.com');
    $client->setClientSecret('{clientsecret}');
    $client->setRedirectUri('http://www.daimto.com/Tutorials/PHP/Oauth2.php');
    $client->setScopes(array('https://www.googleapis.com/auth/analytics.readonly'));

    //For loging out.
    if ($_GET['logout'] == "1") {
    unset($_SESSION['token']);
       }   

    // Step 2: The user accepted your access now you need to exchange it.
    if (isset($_GET['code'])) {

        $client->authenticate($_GET['code']);  
        $_SESSION['token'] = $client->getAccessToken();
        $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
        header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
    }

    // Step 1:  The user has not authenticated we give them a link to login    
    if (!$client->getAccessToken() && !isset($_SESSION['token'])) {
        $authUrl = $client->createAuthUrl();
        print "<a class='login' href='$authUrl'>Connect Me!</a>";
        }        

    // Step 3: We have access we can now create our service
    if (isset($_SESSION['token'])) {
        print "<a class='logout' href='".$_SERVER['PHP_SELF']."?logout=1'>LogOut</a><br>";
        $client->setAccessToken($_SESSION['token']);
        $youtube = new Google_Service_YouTube($client);
    }


 print "Access from google: " . $_SESSION['token']; 
?>

Something like this maybe. Sorry I cant test it from here its an edit from some other code. If it doesn't work let me know and I will try and test it tonight.