Setting Up Google Login for a Website

OAuth2 workflow

Google documentation on OAuth2; see also Token Types.

Client Libraries


Workflow for server-side applications (Google documentation)

PS: To review every access grant your Google account has given to third-party apps (and revoke the ones you no longer use),
visit Google Security Checkup.

Web and App Activity

Steps to integrate Google Login

  1. Create authorization credentials

  2. Set up an app in the Google Cloud Console.
    Credentials differ for web applications, Android apps and JavaScript apps (old and new client), so pick the right type.

    • First create a project
      • open the "Select a project" dropdown and click the "New Project" button.
    • Then create the OAuth consent screen
      • choose whether the app is internal or external to your organisation
      • set the App Name, Support Email (usually the email of the Google account), at least one Authorised Domain and a Developer Contact Email; the other fields are optional.
      • add Scopes, either from the list shown or by entering them manually. Request only the scopes the site actually needs: sensitive or restricted scopes trigger the verification process described below. Scopes can be reviewed later under Edit OAuth Consent. The list of available APIs is in the API Library.
      • add Test Users if the app should be usable only by a limited set of accounts during testing (while the app is in Testing status, only those users can sign in)
      • verify the summary
    • Go to the Credentials page and click Create OAuth client ID
      • choose the application type: Web Application, Android, etc.
      • for a Web Application, don't forget to set the authorised redirect URIs; they must match the value the server sends byte for byte (scheme, host, port, path), otherwise login fails with redirect_uri_mismatch
  3. Create the user table

    -- DROP and CREATE must name the same table.
    DROP TABLE IF EXISTS `osol_mvc_user`;
    CREATE TABLE IF NOT EXISTS `osol_mvc_user` (
    `id` bigint(20) NOT NULL AUTO_INCREMENT,
    -- Note: Google identifies a user by the stable `sub` claim of the ID token; an email
    -- address can change, so relying on it as the only identity key is fragile.
    `email` varchar(255) NOT NULL,
    `first_name` varchar(255) NOT NULL,
    `last_name` varchar(255) NOT NULL,
    `gender` varchar(2) DEFAULT '',
    `picture` text NOT NULL,
    `DOB` date DEFAULT NULL,
    `address1` varchar(255) DEFAULT NULL,
    `address2` varchar(255) DEFAULT NULL,
    `city` varchar(255) DEFAULT NULL,
    `state` varchar(255) DEFAULT NULL,
    `country` int(11) DEFAULT NULL,
    `zip` varchar(20) DEFAULT NULL,
    `date_joined` datetime NOT NULL,
    `last_visited` datetime NOT NULL DEFAULT '1970-01-02 00:00:00',
    -- Long-lived credential: treat it like a password (encrypt at rest, never log it).
    -- Google only returns one on the first consent or when prompt=consent is requested,
    -- so it is empty on most logins.
    `refresh_token` varchar(255) NOT NULL DEFAULT '',
    PRIMARY KEY (`id`),
    UNIQUE KEY `unique_email` (`email`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
  4. Install the Google client library with Composer: composer require google/apiclient:^2.12.1

  5. Use GoogleLoginHelper

    1. Check login: if (isset($_SESSION['user_id'])) the user is already signed in
    2. Otherwise show the login button
      • get the Google login URL with \Google\Client (createAuthUrl), including a random state parameter stored in the session so the callback can be tied to this browser
    3. When Google redirects back to the site with the authorisation code, check the state, exchange the code for tokens and verify the ID token (signature, issuer, expiry, audience = your client ID) before trusting any claim in it
    4. Redirect after Google login (success and failure)
    5. Integrate with the SessionHandlerHelper class to update the last login time
  6. Also add a logout feature: unset($_SESSION['user_id']); (and destroy the session)
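The following is an added, self-contained example of steps 5 and 6 written for this page; it is not the page's own GoogleLoginHelper or SessionHandlerHelper. It assumes the table from step 3, a PDO connection, the google/apiclient library installed via Composer, and the placeholder client ID, client secret and redirect URI constants below (all assumptions to be replaced). It covers the parts a helper most often gets wrong: a state parameter against login CSRF, verifying the ID token instead of trusting the userinfo blob, refusing unverified email claims, and rotating the session id after login.

```php
<?php
// Added example, not the page's helper. Assumes: google/apiclient ^2.12 via Composer,
// the osol_mvc_user table from step 3, and this file served at GOOGLE_REDIRECT_URI.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

const GOOGLE_CLIENT_ID     = 'YOUR_CLIENT_ID.apps.googleusercontent.com'; // assumption: replace
const GOOGLE_CLIENT_SECRET = 'YOUR_CLIENT_SECRET';                         // assumption: replace
const GOOGLE_REDIRECT_URI  = 'https://example.com/google-login.php';       // must match the console byte for byte

function googleClient(): Google\Client
{
    $client = new Google\Client();
    $client->setClientId(GOOGLE_CLIENT_ID);
    $client->setClientSecret(GOOGLE_CLIENT_SECRET);
    $client->setRedirectUri(GOOGLE_REDIRECT_URI);
    $client->addScope(['openid', 'email', 'profile']); // only what the user table needs
    $client->setAccessType('offline');                 // required to ever receive a refresh_token
    return $client;
}

function loginUrl(): string
{
    // Random, single-use state bound to this session defends the callback against login CSRF.
    $state = bin2hex(random_bytes(16));
    $_SESSION['oauth_state'] = $state;
    $client = googleClient();
    $client->setState($state);
    return $client->createAuthUrl();
}

// Returns true on a successful login; false on any failure (caller redirects accordingly).
function handleCallback(PDO $db): bool
{
    // 1. The state must round-trip unchanged; compare in constant time and consume it.
    $expected = $_SESSION['oauth_state'] ?? '';
    unset($_SESSION['oauth_state']);
    if ($expected === '' || !isset($_GET['state']) || !hash_equals($expected, (string) $_GET['state'])) {
        return false;
    }
    if (isset($_GET['error']) || !isset($_GET['code'])) {
        return false; // user denied consent or Google reported an error
    }

    // 2. Exchange the one-time code for tokens server-side (the client secret never reaches the browser).
    $client = googleClient();
    $token  = $client->fetchAccessTokenWithAuthCode((string) $_GET['code']);
    if (isset($token['error']) || empty($token['id_token'])) {
        return false;
    }

    // 3. verifyIdToken checks signature, issuer, expiry and that aud == our client ID.
    $payload = $client->verifyIdToken($token['id_token']);
    if ($payload === false || empty($payload['email_verified'])) {
        return false; // never key an account on an unverified email claim
    }

    // 4. Upsert the user. refresh_token is only present on first consent; keep the old one otherwise.
    $stmt = $db->prepare(
        'INSERT INTO osol_mvc_user (email, first_name, last_name, picture, date_joined, last_visited, refresh_token)
         VALUES (:email, :first, :last, :picture, NOW(), NOW(), :refresh)
         ON DUPLICATE KEY UPDATE first_name = VALUES(first_name), last_name = VALUES(last_name),
             picture = VALUES(picture), last_visited = NOW(),
             refresh_token = IF(VALUES(refresh_token) = \'\', refresh_token, VALUES(refresh_token))'
    );
    $stmt->execute([
        ':email'   => $payload['email'],
        ':first'   => $payload['given_name'] ?? '',
        ':last'    => $payload['family_name'] ?? '',
        ':picture' => $payload['picture'] ?? '',
        ':refresh' => $token['refresh_token'] ?? '',
    ]);
    $sel = $db->prepare('SELECT id FROM osol_mvc_user WHERE email = :email');
    $sel->execute([':email' => $payload['email']]);

    // 5. Rotate the session id on privilege change so a pre-set cookie cannot be fixated.
    session_regenerate_id(true);
    $_SESSION['user_id'] = (int) $sel->fetchColumn();
    return true;
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

session_start();
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', // assumption: replace
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

if (isset($_GET['logout'])) { logout(); header('Location: /'); exit; }
if (isset($_GET['code']) || isset($_GET['error'])) {
    header('Location: ' . (handleCallback($db) ? '/dashboard' : '/login?failed=1'));
    exit;
}
if (!isset($_SESSION['user_id'])) {
    echo '<a href="' . htmlspecialchars(loginUrl(), ENT_QUOTES) . '">Sign in with Google</a>';
}
```

The ID token is verified locally against Google's published keys, so no extra network call is needed to learn who logged in; the access token returned alongside it is only needed if the site later calls Google APIs on the user's behalf.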

OAuth Application Verification

Even when the app integration is correct, Google shows the "This app isn't verified" warning on the consent screen for an external app that is in production (or that requests sensitive or restricted scopes). This protects users and their data from deceptive apps asking for access to their Google account.
(Screenshot: Google "App not verified" warning)

To get past this, follow Verification for apps by Google:

Before you start the verification process, review the OAuth Application Verification FAQ. This will help your verification process go quickly. To start the verification process for apps, do the following steps:

  1. Update the OAuth consent screen details in the Google Cloud Platform Console APIs & Services Credentials:
    • You must have a privacy policy URL.
    • Add URLs for your homepage and Terms of Service if you have them.
  2. Verify your website ownership through Search Console by using an account that is a Project Owner or a Project Editor on your OAuth project.
    • The same account must be a verified owner of the property in Search Console. For more information about Search Console permissions, see Managing owners, users, and permissions.
    • Google can't approve the OAuth verification request until site ownership verification is complete. For more information, see Verify your site ownership.
  3. To start the verification process, submit a verification request by using the following process. Note that the Verification required dialog is a beta feature that might not be available for all users at this time.
    • On the GCP Console OAuth consent screen, click Submit or Save.
    • If a Verification required dialog displays:
      Add information in the text boxes for Google to verify your OAuth consent screen.
      When you're finished entering details, click Submit.

Note: If you add any new redirect URLs or JavaScript origins, or if you change your product name after verification, you have to go through verification again.

Common Errors

redirect_uri_mismatch

The browser shows an "Access blocked" page:

  Access blocked: This app's request is invalid
  yourgmailid@gmail.com
  You can't sign in because this app sent an invalid request. You can try again later, or contact the developer about this issue. Learn more about this error
  If you are a developer of this app, see error details.
  Error 400: redirect_uri_mismatch

Cause: the redirect_uri parameter in the authorisation request is not exactly one of the Authorised redirect URIs registered for the client ID. Google compares the full string, so a different scheme, host, port, path or trailing slash each counts as a mismatch.

Solution:

  1. Check that the redirect URI is registered exactly, including the path, on the Credentials page: https://console.developers.google.com/apis/credentials?authuser=1 (the "error details" link shows the value that was actually sent).

  2. Ensure the server-side script builds the redirect URI with https rather than http. Behind a TLS-terminating load balancer PHP typically sees a plain-http request and derives an http:// URI, so either hard-code the https URI in configuration or honour X-Forwarded-Proto only from your trusted proxy. Google accepts plain http for localhost only.
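An added pre-flight check for this error, not from the page: it builds the redirect URI the way a server-side script would, compares it against the registered list before redirecting to Google, and reports which component differs. The registered URIs, the proxy address and the path are constructed sample values.

```php
<?php
// Added example, not from the page. The registered list, trusted proxy and path are
// constructed sample values; replace them with your own.
declare(strict_types=1);

const REGISTERED_REDIRECT_URIS = [
    'https://example.com/google-login.php',
    'http://localhost:8080/google-login.php', // plain http is accepted for localhost only
];

// Build the redirect URI from the request. Behind a TLS-terminating proxy PHP sees plain
// http, so honour X-Forwarded-Proto, but only when the request comes from a proxy we trust.
function redirectUriFromRequest(array $server, string $path, array $trustedProxies): string
{
    $https = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    if (in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true)
        && strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https') {
        $https = true;
    }
    return ($https ? 'https' : 'http') . '://' . ($server['HTTP_HOST'] ?? 'localhost') . $path;
}

// Returns null when $uri is registered exactly, otherwise a human-readable reason for the mismatch.
function diagnoseRedirectUri(string $uri, array $registered): ?string
{
    if (in_array($uri, $registered, true)) {
        return null;
    }
    $u = parse_url($uri);
    foreach ($registered as $r) {
        $p = parse_url($r);
        if (($u['host'] ?? '') !== ($p['host'] ?? '')) {
            continue; // a different host is not a near miss; try the next registered entry
        }
        if (($u['scheme'] ?? '') !== ($p['scheme'] ?? '')) {
            return "scheme differs: sent {$u['scheme']}, registered {$p['scheme']} (TLS-terminating proxy?)";
        }
        if (($u['port'] ?? null) !== ($p['port'] ?? null)) {
            return 'port differs';
        }
        if (($u['path'] ?? '') === ($p['path'] ?? '')) {
            return 'query string differs: the registered URI has no query, but the sent one does';
        }
        if (rtrim($u['path'] ?? '', '/') === rtrim($p['path'] ?? '', '/')) {
            return 'trailing slash differs';
        }
        return "path differs: sent {$u['path']}, registered {$p['path']}";
    }
    return 'host is not registered at all';
}

// Usage: fail fast with a server-side diagnostic instead of sending the user to Google's error page.
$uri = redirectUriFromRequest($_SERVER, '/google-login.php', ['10.0.0.5']); // 10.0.0.5: assumed proxy
$why = diagnoseRedirectUri($uri, REGISTERED_REDIRECT_URIS);
if ($why !== null) {
    error_log("redirect_uri_mismatch would occur for $uri: $why");
    http_response_code(500);
    exit;
}
```

Running this behind a proxy that forwards http to PHP without X-Forwarded-Proto reproduces the most common case: the diagnostic reports "scheme differs: sent http, registered https", which is exactly what solution step 2 above is about.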