
I am upgrading a Joomla component I once made for Google Fusion Tables. I downloaded the new PHP API. But I have some doubts about how I should develop my site and some things with OAuth.

So my site reads the Fusion Tables and allows my (Joomla) users to change, delete or add data to any of those tables. So my question is: do I need a client login that is a web application type, or a service account? It seems more logical to use the service account. If so, how do I connect using PHP and the Google PHP API framework?

    $clientlogin_curl = curl_init();
    curl_setopt($clientlogin_curl, CURLOPT_URL, 'https://www.google.com/accounts/ClientLogin');
    curl_setopt($clientlogin_curl, CURLOPT_POST, true);
    curl_setopt($clientlogin_curl, CURLOPT_POSTFIELDS,
        "Email=".$username."&Passwd=".$password."&service=fusiontables&accountType=GOOGLE");
    curl_setopt($clientlogin_curl, CURLOPT_CONNECTTIMEOUT, 2);
    curl_setopt($clientlogin_curl, CURLOPT_RETURNTRANSFER, 1);
    $token = curl_exec($clientlogin_curl);
    curl_close($clientlogin_curl);
    $token_array = explode("=", $token);
    $token = str_replace("\n", "", $token_array[3]);

Above is how I used to connect, but now I get quota exceeded, because it is deprecated.

I was reading this, https://code.google.com/p/google-api-php-client/wiki/OAuth2, and in the part about service accounts Fusion Tables is not mentioned. If not, what should my redirect URI be?

EDIT

This is my code now:

    jimport('gft-jdc.oauth-php.src.Google_Client');
    jimport('gft-jdc.oauth-php.src.contrib.Google_PlusService');

    const CLIENT_ID = 'XXXXXXXXXXXXXXXXXXXXXXX7pu.apps.googleusercontent.com';
    const SERVICE_ACCOUNT_NAME = 'XXXXXXXXXXXXXXXXXXXpu@developer.gserviceaccount.com';
    const KEY_FILE = '/home/jdc/workspace/xxxxxxxxxxxxxxxprivatekey.p12';

    class ClientLogin {
        public static function getAuthToken($username, $password) {
            $client = new Google_Client();
            $client->setApplicationName("API Project");
            var_dump(CLIENT_ID);
            var_dump(KEY_FILE);
            $client->setClientId(CLIENT_ID);

            // Set your cached access token. Remember to replace $_SESSION with a
            // real database or memcached.
            if (isset($_SESSION['token'])) {
                $client->setAccessToken($_SESSION['token']);
            }

            // Load the key in PKCS 12 format (you need to download this from the
            // Google API Console when the service account was created.
            $key = file_get_contents(KEY_FILE);

            $client->setAssertionCredentials(new Google_AssertionCredentials(
                    SERVICE_ACCOUNT_NAME,
                    array('https://www.googleapis.com/auth/fusiontables'),
                    $key)
            );

            $client->authenticate();

            if ($client->getAccessToken()) {
                $_SESSION['token'] = $client->getAccessToken();
            }
            $token = $_SESSION['token'];

            var_dump($token);

            return $token;
        }
    }

I get this error


Solution: I just solved this last problem; you don't need $client->authenticate().

Here is a solution: How to get OAuth2 access token with Google API PHP client?

    if ($client->getAuth()->isAccessTokenExpired()) {
        $client->getAuth()->refreshTokenWithAssertion();
    }
Juan Diego

1 Answer

  1. Use a service account. A service account identifies a service (e.g. a website) and not a person. Since it is your site that needs to access the fusion tables - not you - a service account is the way to go. (The other option would be to get your users to authenticate against your fusion tables one by one. This would require all of your users to have a Google account and your site to give permission for them. Now we don't want to go through all the hassle, do we?)

  2. Use the API Console to create a service account. Note your account name and client ID. Generate and download your .p12 private key file. After you have created a service account, share (a.k.a. give permissions on) your fusion table with the service account's email address (xxxx@developer.gserviceaccount.com).

  3. Forget curl. Download the Google API PHP Client. Under the hood it will still use curl, but it saves you the headache.

  4. Include the API client in your code and do the authentication.

    require_once '<path>/src/Google_Client.php';
    require_once '<path>/src/contrib/Google_FusiontablesService.php';
    
    $CLIENT_ID = 'xxx.apps.googleusercontent.com';
    $SERVICE_ACCOUNT_NAME = 'xxx@developer.gserviceaccount.com';
    $KEY_FILE = '<path to your .p12 file>'; //this should not be reached by any of your site's visitors
    
    $client = new Google_Client();
    $client->setApplicationName("whatever");
    $client->setClientId($CLIENT_ID);
    // The scope is the second constructor argument; both calls are closed on the last line
    $client->setAssertionCredentials(new Google_AssertionCredentials(
        $SERVICE_ACCOUNT_NAME,
        array('https://www.googleapis.com/auth/fusiontables'),
        file_get_contents($KEY_FILE)
    ));
    $client->authenticate();
    
    
    //do whatever you need to do with your fusion table on behalf of the user
    
sanya
  • I am getting Error:invalid_request Missing required parameter: scope. What is the scope for Fusion Tables? I am looking at the examples, but Fusion Tables are not in any examples. Thanks – Juan Diego Oct 23 '13 at 15:02
  • On which line do you get this error message? It shouldn't be a problem; scope is defined in the 2nd param of the setAssertionCredentials() member function. – sanya Oct 25 '13 at 08:26
  • Sorry, I meant the 2nd param of the Google_AssertionCredentials constructor. – sanya Oct 25 '13 at 08:52
  • When I changed my code to work with a service account I get redirected from my file to https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=&client_id=620463939810-a8hh7nkeausspf1ah21cd37b89o0r7pu.apps.googleusercontent.com&scope=&access_type=offline&approval_prompt=force and on this page it shows this error – Juan Diego Oct 26 '13 at 14:19
  • I tweaked my code a little bit and it is basically the same, but I get redirect_uri also; as you can see in the link in my comment above, the scope and redirect_uri are not pointing at anything – Juan Diego Oct 26 '13 at 14:49
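
What the service-account flow discussed in this thread does underneath, as an added example (not code from the question, the answer, or the Google client library): the site signs a JWT carrying the service account name and the scope and posts it to the token endpoint, so no redirect URI or consent page is involved. The key is a throwaway generated inline instead of being read from a .p12 file; the helper names `b64url` and `buildAssertion` and the token endpoint URL are assumptions of this example.

```php
<?php
// Added illustration: builds and locally verifies the signed JWT assertion
// used by the OAuth2 service-account (JWT bearer) grant. No network access.

function b64url(string $data): string {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function buildAssertion(string $issuer, array $scopes, $privateKey, string $audience, int $now): string {
    if (count($scopes) === 0) {
        throw new InvalidArgumentException('at least one scope is required');
    }
    $header = ['alg' => 'RS256', 'typ' => 'JWT'];
    $claims = [
        'iss'   => $issuer,                 // service account e-mail address
        'scope' => implode(' ', $scopes),   // scope travels inside the signed claims
        'aud'   => $audience,               // token endpoint, never a redirect URI
        'iat'   => $now,
        'exp'   => $now + 3600,             // assertions are short-lived
    ];
    $input = b64url(json_encode($header, JSON_UNESCAPED_SLASHES)) . '.'
           . b64url(json_encode($claims, JSON_UNESCAPED_SLASHES));
    if (!openssl_sign($input, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    return $input . '.' . b64url($signature);
}

// Constructed throwaway key; a real deployment loads the key from the .p12
// file, which must live outside the web root.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$publicPem = openssl_pkey_get_details($key)['key'];

$jwt = buildAssertion(
    'xxx@developer.gserviceaccount.com',              // placeholder from the page
    ['https://www.googleapis.com/auth/fusiontables'], // scope from the page
    $key,
    'https://oauth2.googleapis.com/token',            // assumed token endpoint
    time()
);

// Check the signature the way the token endpoint would, using the public key.
[$h, $c, $s] = explode('.', $jwt);
$valid = openssl_verify("$h.$c", base64_decode(strtr($s, '-_', '+/')), $publicPem, OPENSSL_ALGO_SHA256) === 1;

// Form body of the token request; only these two fields are sent.
$postBody = http_build_query([
    'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    'assertion'  => $jwt,
]);
echo 'signature valid: ', $valid ? 'yes' : 'no', "\n", json_encode(json_decode(base64_decode(strtr($c, '-_', '+/'))), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), "\n";
```

Anyone holding the private key can mint such assertions for the scopes the service account has been granted, which is why the key file location and its file permissions matter more than the client ID.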