From f7a591998776fed9dce7b358c592aff27bcfb6bc Mon Sep 17 00:00:00 2001 From: Brent Shaffer Date: Tue, 9 May 2023 18:21:02 -0700 Subject: [PATCH 1/2] feat: add pkce support and upgrade examples --- composer.json | 2 +- examples/idtoken.php | 3 ++- examples/large-file-download.php | 3 ++- examples/large-file-upload.php | 3 ++- examples/multi-api.php | 3 ++- examples/simple-file-upload.php | 3 ++- src/Client.php | 5 ++++- 7 files changed, 15 insertions(+), 7 deletions(-) diff --git a/composer.json b/composer.json index 9c3b7d233..0834fde3a 100644 --- a/composer.json +++ b/composer.json @@ -7,7 +7,7 @@ "license": "Apache-2.0", "require": { "php": "^5.6|^7.0|^8.0", - "google/auth": "^1.10", + "google/auth": "^1.28.0", "google/apiclient-services": "~0.200", "firebase/php-jwt": "~2.0||~3.0||~4.0||~5.0||~6.0", "monolog/monolog": "^1.17||^2.0||^3.0", diff --git a/examples/idtoken.php b/examples/idtoken.php index f592d7ae5..1c628d958 100644 --- a/examples/idtoken.php +++ b/examples/idtoken.php @@ -57,7 +57,7 @@ * bundle in the session, and redirect to ourself. ************************************************/ if (isset($_GET['code'])) { - $token = $client->fetchAccessTokenWithAuthCode($_GET['code']); + $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']); // store in the session also $_SESSION['id_token_token'] = $token; @@ -77,6 +77,7 @@ ) { $client->setAccessToken($_SESSION['id_token_token']); } else { + $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier(); $authUrl = $client->createAuthUrl(); } diff --git a/examples/large-file-download.php b/examples/large-file-download.php index 72bf7ff6f..a3c99d0e2 100644 --- a/examples/large-file-download.php +++ b/examples/large-file-download.php @@ -48,7 +48,7 @@ * bundle in the session, and redirect to ourself. ************************************************/ if (isset($_GET['code'])) { - $token = $client->fetchAccessTokenWithAuthCode($_GET['code']); + $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']); $client->setAccessToken($token); // store in the session also @@ -65,6 +65,7 @@ unset($_SESSION['upload_token']); } } else { + $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier(); $authUrl = $client->createAuthUrl(); } diff --git a/examples/large-file-upload.php b/examples/large-file-upload.php index a45743f62..17abdad72 100644 --- a/examples/large-file-upload.php +++ b/examples/large-file-upload.php @@ -53,7 +53,7 @@ * bundle in the session, and redirect to ourself. ************************************************/ if (isset($_GET['code'])) { - $token = $client->fetchAccessTokenWithAuthCode($_GET['code']); + $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']); $client->setAccessToken($token); // store in the session also @@ -70,6 +70,7 @@ unset($_SESSION['upload_token']); } } else { + $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier(); $authUrl = $client->createAuthUrl(); } diff --git a/examples/multi-api.php b/examples/multi-api.php index 78aa0ecf4..e247e4139 100644 --- a/examples/multi-api.php +++ b/examples/multi-api.php @@ -54,7 +54,7 @@ * bundle in the session, and redirect to ourself. ************************************************/ if (isset($_GET['code'])) { - $token = $client->fetchAccessTokenWithAuthCode($_GET['code']); + $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']); $client->setAccessToken($token); // store in the session also @@ -71,6 +71,7 @@ unset($_SESSION['multi-api-token']); } } else { + $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier(); $authUrl = $client->createAuthUrl(); } diff --git a/examples/simple-file-upload.php b/examples/simple-file-upload.php index 20bcdf9a8..b85a7a96f 100644 --- a/examples/simple-file-upload.php +++ b/examples/simple-file-upload.php @@ -53,7 +53,7 @@ * bundle in the session, and redirect to ourself. ************************************************/ if (isset($_GET['code'])) { - $token = $client->fetchAccessTokenWithAuthCode($_GET['code']); + $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']); $client->setAccessToken($token); // store in the session also @@ -70,6 +70,7 @@ unset($_SESSION['upload_token']); } } else { + $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier(); $authUrl = $client->createAuthUrl(); } diff --git a/src/Client.php b/src/Client.php index 3366899f7..af3e48527 100644 --- a/src/Client.php +++ b/src/Client.php @@ -242,7 +242,7 @@ public function authenticate($code) * @param string $code code from accounts.google.com * @return array access token */ - public function fetchAccessTokenWithAuthCode($code) + public function fetchAccessTokenWithAuthCode($code, $codeVerifier = null) { if (strlen($code) == 0) { throw new InvalidArgumentException("Invalid code"); @@ -251,6 +251,9 @@ public function fetchAccessTokenWithAuthCode($code) $auth = $this->getOAuth2Service(); $auth->setCode($code); $auth->setRedirectUri($this->getRedirectUri()); + if ($codeVerifier) { + $auth->setCodeVerifier($codeVerifier); + } $httpHandler = HttpHandlerFactory::build($this->getHttpClient()); $creds = $auth->fetchAuthToken($httpHandler); From 492502a126dac45e400203be7517bb58075782bc Mon Sep 17 00:00:00 2001 From: Brent Shaffer Date: Wed, 17 May 2023 11:20:08 -0700 Subject: [PATCH 2/2] Update Client.php --- src/Client.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Client.php b/src/Client.php index c85a36086..31b3f1d5f 100644 --- a/src/Client.php +++ b/src/Client.php @@ -240,6 +240,7 @@ public function authenticate($code) * Helper wrapped around the OAuth 2.0 implementation. * * @param string $code code from accounts.google.com + * @param string $codeVerifier the code verifier used for PKCE (if applicable) * @return array access token */ public function fetchAccessTokenWithAuthCode($code, $codeVerifier = null)