Oauth 2 $client->getAccessToken() Returns Null value

Question

I am using codeigniter MVC framework for signing in to my site using google client library. Everything is working fine except $client->getAccessToken() when google redirects with code and I do the following code. $client->getAccessToken() return null value. Here is my code for controller function one. In this function I set my credentials to create authUrl.

public function login()
{
    // Include two files from google-php-client library in controller
    include_once APPPATH . 'third_party/google-api-php-client/vendor/autoload.php';
    
    // Store values in variables from project created in Google Developer Console
    $client_id = 'XXXXXX';
    $client_secret = 'XXXXX';
    $redirect_uri = 'path/to/mysite/login/loginGoogle';
    $simple_api_key = 'XXXXXXX';
    
    // Create Client Request to access Google API
    $client = new Google_Client();
    $client->setApplicationName("mysite");
    $client->setClientId($client_id);
    $client->setClientSecret($client_secret);
    $client->setRedirectUri($redirect_uri);
    $client->setDeveloperKey($simple_api_key);
    $client->addScope("https://www.googleapis.com/auth/userinfo.email");
    
    $authUrl = $client->createAuthUrl();
    $data['authUrl'] = $authUrl;
    
    $this->load->view('login',$data);
}

And after that when google authenticate and redirects to my redirect uri which is an other controller function which is given below. and problem is in this function.

public function loginGoogle()
{
    // Include two files from google-php-client library in controller
    include_once APPPATH . 'third_party/google-api-php-client/vendor /autoload.php';
       $client_id = 'XXXXXX';
        $client_secret = 'XXXXX';
        $redirect_uri = 'path/to/mysite/login/loginGoogle';
        $simple_api_key = 'XXXXXXX';
    
    // Create Client Request to access Google API
    $client = new Google_Client();
    $client->setApplicationName("mysite");
    $client->setClientId($client_id);
    $client->setClientSecret($client_secret);
    $client->setRedirectUri($redirect_uri);
    $client->setDeveloperKey($simple_api_key);
    $client->addScope("https://www.googleapis.com/auth/userinfo.email");
$objOAuthService = new Google_Service_Oauth2($client);
    
    // Add Access Token to Session
    if(!isset($_SESSION['access_token'])){
        
        if (isset($_GET['code'])) {
            $client->authenticate($_GET['code']);
            $token = $client->getAccessToken();                 
            $_SESSION['access_token'] = $token;
            print_r($this -> session -> userdata());exit;
            header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL));
        }
    }
    // Set Access Token to make Request
    if (isset($_SESSION['access_token']) && $_SESSION['access_token']) {
        $client->setAccessToken($_SESSION['access_token']);
    }
    // Get User Data from Google and store them in $data
    if ($client->getAccessToken()) {
        $userData = $objOAuthService->userinfo->get();
        $data['userData'] = $userData;
        $_SESSION['access_token'] = $client->getAccessToken();
    }}

here in second function getAccessToken return nothing and google throws expection.

Answer 1

It looks like you never get the refresh token. There are two different tokens, the access token expires every few hours or so, but the refresh token is only sent the one time when the redirect asks the user for permission. It needs to be stored somewhere secure and is used in the future to refresh the access token. Here's what my codeigniter code looks like to access the Google API (this would replace your if statements in the loginGoogle function:

        if($refresh_token_accessed_from_my_database) {
            //If session contains no valid Access token, get a new one
            if ($client->isAccessTokenExpired()) {
                $client->refreshToken($refresh_token_accessed_from_my_database);
            }
            //We have access token now, launch the service
            $this->service = new Google_Service_Calendar($client);
        }
        else {
            //User has never been authorized, so let's ask for the ok
            if (isset($_GET['code'])) {
                //Creates refresh and access tokens
                $credentials = $client->authenticate($_GET['code']);

                //Store refresh token for further use
                //I store mine in the DB, I've seen others store it in a file in a secure place on the server
                $refresh_token = $credentials['refresh_token'];
                //refresh_token->persist_somewhere()

                //Store the access token in the session so we can get it after
                //the callback redirect
                $_SESSION['access_token'] = $client->getAccessToken();
                $redirect_uri = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
                header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL));
            }

            if (!isset($_SESSION['access_token'])) {
                $auth_url = $client->createAuthUrl();
                header('Location: ' . filter_var($auth_url, FILTER_SANITIZE_URL));
            }

            if (isset($_SESSION['access_token']) && $_SESSION['access_token']) {
                $client->setAccessToken($_SESSION['access_token']);
                $this->service = new Google_Service_Calendar($client);
            }

Answer 2

If you are running on PLESK you might want to change the permission on /var/lib/php/session to 1777.

chmod 1777 /var/lib/php/sessions