1

I'm encountering an issue verifying a Google ID token using the PHP API. The tokeninfo endpoint successfully verifies it, but $client->verifyIdToken($id_token) returns false in my PHP code. I have also downgraded my PHP version to 7.4

Questions:

  1. Has anyone else faced this issue with PHP 7.4?
  2. Are there known compatibility issues with specific library versions?
  3. Are there additional troubleshooting steps I can try?

Any guidance would be greatly appreciated.

Here's an the code I am using:

<?php
require_once 'vendor/autoload.php';
      
// Get $id_token via HTTPS POST.

$CLIENT_ID = 'token-xxx-xxx-xxx-xx-000.apps.googleusercontent.com';
$id_token = $_POST['credential'];
$client = new Google_Client(['client_id' => $CLIENT_ID]);  
$payload = $client->verifyIdToken($id_token); //Not working

echo file_get_contents('https://oauth2.googleapis.com/tokeninfo?id_token='.$id_token); //Works

echo var_dump($payload); //false

if ($payload) {
  //$userid = $payload['sub'];
  // If request specified a G Suite domain:
   //$domain = $payload['hd'];
} else {
  // Invalid ID token
}
?>

Steps taken:

  • Verified client ID is correct.
  • Checked for error messages or exceptions.
  • Inspected the $payload variable after verification.
  • Verified network traffic to Google's servers.
Improve this question
4
  • You need two tokens .. Of which I don't see here .. You need the "main" token, and then a "access" token that needs refreshed every so often because they expire .. Your code doesn't look like the native PHP Oath provided by Google HERE -- If that package is correct, you need to read the documentation thouroughly. Commented Jan 4, 2024 at 16:37
  • But that is the code i found on developers.google.com/identity/sign-in/web/backend-auth Commented Jan 9, 2024 at 23:38
  • Because Google is KNOWN for their accurate documentation .. Commented Jan 10, 2024 at 21:44
  • Use the API I linked .. It's pretty easy to use, and there is plenty of docs and Stack Overflow help Commented Jan 10, 2024 at 21:58
Related questions
6
Google Oauth2 verifyIdToken return invalid token signature with valid id_token
1287
How can I sanitize user input with PHP?
812
Pretty-Printing JSON with PHP
Load 4 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.