My question:
How can I receive an extended token so the user won't be logged out after an hour or so? I intentionally requested an offline access because I read that I have to in order to receive a refresh token. But I'm not receiving it in the authResult
java-script variable.
My code:
This is how my users sign in to my site with their Google account:
1 - A sign in button is presented.
<span id="signinButton">
<span class="g-signin" data-callback="signinCallback" data-clientid="********.apps.googleusercontent.com" data-access_type="offline" data-cookiepolicy="single_host_origin" data-requestvisibleactions="http://schema.org/AddAction" data-scope="https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.profile.emails.read https://www.googleapis.com/auth/offline"></span>
</span>
2 - After the user click on the button, an ajax call is being made and the access token is passed on to the server.
function signinCallback(authResult) {
if (authResult['status']['signed_in']) {
//Shoot the ajax
$.ajax({
//...Send the access token to the server
})
.done(function(msg) {
//...Do somthing after a sucessfull login
});
} else {
//...
}
}
3 - A PHP function receives the token and saves it in the $_SESSION
variable for later use.
public function GoogleAuth($token) {
$_SESSION['google_token'] = $token;
#See that the token is valid
$session_status = $this->GetSessionStatus($token, 'all');
if ($session_status == false) {
return $session_status;
}
#If token is valid, manage the registration/login process
//...
}
4 - Here is the function that check if the token is valid:
public function GetSessionStatus($token) {
$url = 'https://www.googleapis.com/oauth2/v1/userinfo';
$params = 'access_token='.$token;
$ch = curl_init($url . '?' . $params);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
if (!empty($headers)) curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, false);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$user = curl_exec($ch);
$user = json_decode($user);
curl_close($ch);
if (isset($user->id)) {
return true;
} else {
return false;
}
}
Again with my question in case you forgot :)
So this is how I handle the sign in. I'm not sure that I'm doing it properly, but it works.
My question is how can I receive an extended token so the user won't be logged out after an hour or so. I intentionally requested an offline access because I read that I have to in order to receive a refresh token. But I'm not receiving it in the authResult
java-script variable.
Edit: At end (how it was solved):
First, instead of using the $_SESSION
, I used $_COOKIE
. It's more permanent.
Second, I switch to all PHP sdk in order to receive the refresh token.