通过Php(Laravel)验证Google ID令牌的完整性
[英]Verify the integrity of the Google ID token by Php (Laravel)
问题描述
我正在开发一个具有两个方面的应用程序:移动端(IOS)和服务器端(PHP,Laravel 5.4)。 我正在使用Google自己的类来生成Google令牌,并将其以json格式发送到服务器。
我的Json看起来像这样:
["name": "ali farhangmehr", "email": "ali.farhangmehr@gmail.com", "google_image_url": https://lh5.googleusercontent.com/-6KoifJgUUW0/AAAAAAAAAAI/AAAAAAAAA60/BbWD4fEDvHk/s100/photo.jpg, "googleToken": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjVlYTZiNzAzYjYzOTVmYzJlNWJkNmUzY2EwZjhiMzcxYTE0ODU5YjMifQ.eyJhenAiOiIyNTk3NjE1MTY5NjEtOXZ0Y3AyZnQ1dXZsaGJkdmxlM2lndDlsbDg3b3FwM2EuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyNTk3NjE1MTY5NjEtOXZ0Y3AyZnQ1dXZsaGJkdmxlM2lndDlsbDg3b3FwM2EuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDU4NzI5MzY5MDEzOTMwNjEyNTEiLCJlbWFpbCI6ImFsaS5mYXJoYW5nbWVockBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXRfaGFzaCI6IkN6S0htamlYOUhDM2JjaGZRTGJ3ZXciLCJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJpYXQiOjE1MDIwNDc4MjAsImV4cCI6MTUwMjA1MTQyMCwibmFtZSI6ImFsaSBmYXJoYW5nbWVociIsInBpY3R1cmUiOiJodHRwczovL2xoNS5nb29nbGV1c2VyY29udGVudC5jb20vLTZLb2lmSmdVVVcwL0FBQUFBQUFBQUFJL0FBQUFBQUFBQTYwL0JiV0Q0ZkVEdkhrL3M5Ni1jL3Bob3RvLmpwZyIsImdpdmVuX25hbWUiOiJhbGkiLCJmYW1pbHlfbmFtZSI6ImZhcmhhbmdtZWhyIiwibG9jYWxlIjoiZW4ifQ.fMbcS3axTumt1hW4_Fss3C3QfLc_Ohhqlj3XfRkDmXixOlnEAV-9GaxI-6IOl0bdh382rJd2Ign4Fjdw8dJ5kGNhMmci9sV-_G50FU3vNH60RptJ04QX7BGrfUOjCJIV5dARJqsCNwqVWItR1F5z-gz9WHA0YKAjMCTWMWSuF03O0yowqzPoajwBLk5VNGOk7Q9fRvKEG7tnTGkckCBSBwWa5KdYnQw-k1OGB9W7qjcQrCelPE8SPzR_GwhHNoAGTOpZXQQSoeDNad8JWbExGZ9MeBDRoaLfLIoV7NRrVaSEwc4wSmga-yqlqjhGaULcdUGOZOasbhDyl28ULEDK2w"]
到目前为止没有问题。 然后,我必须检查Google令牌是否有效,以便我可以注册用户或登录电子邮件。这是Google自身与此文档相关的链接https://developers.google.com/identity/sign-in/网络/后端身份验证
我遵循了所有内容,我的PHP代码如下所示:
$input = $request->all();
$google_token = $input['google_token'] = $request->input('googleToken');
$client_id = $CLIENT_ID; //from my google console
$client=new Google_Client(['client_id' => $client_id]);
$payload=$client->verifyIdToken($google_token);
$client->verifyIdToken($google_token);
if ($payload) {
// do the login or register
} else {
return false;
}
并且每次我收到此错误:
(1/1) SignatureInvalidException
Signature verification failed
in JWT.php (line 112)
1 个解决方案
解决方案1
0 2017-10-28 18:56:01
这个问题是因为新的JWT for firebase只需在JWT上使用旧版本就可以了
composer require firebase/php-jwt:4.0
将 google 验证签名代码 (kotlin) 转换为 PHP (laravel)
[英]Convert google verify signature code (kotlin) to PHP (laravel)
如何从此Android应用获取此Google登录ID令牌以验证服务器端?
[英]How can I get this Google Login ID Token from this Android app to verify server-side?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.