feat: add pkce support and upgrade examples (#2438)

googleapis · May 18, 2023 · bded223 · bded223
1 parent c765b37
commit bded223
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 7 deletions.
diff --git a/composer.json b/composer.json
@@ -7,7 +7,7 @@
     "license": "Apache-2.0",
     "require": {
         "php": "^7.4|^8.0",
-        "google/auth": "^1.26",
+        "google/auth": "^1.28",
         "google/apiclient-services": "~0.200",
         "firebase/php-jwt": "~6.0",
         "monolog/monolog": "^2.9||^3.0",

diff --git a/examples/idtoken.php b/examples/idtoken.php
@@ -57,7 +57,7 @@
  * bundle in the session, and redirect to ourself.
  ************************************************/
 if (isset($_GET['code'])) {
-    $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
+    $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']);
 
     // store in the session also
     $_SESSION['id_token_token'] = $token;
@@ -77,6 +77,7 @@
 ) {
     $client->setAccessToken($_SESSION['id_token_token']);
 } else {
+    $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier();
     $authUrl = $client->createAuthUrl();
 }
 

diff --git a/examples/large-file-download.php b/examples/large-file-download.php
@@ -48,7 +48,7 @@
  * bundle in the session, and redirect to ourself.
  ************************************************/
 if (isset($_GET['code'])) {
-    $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
+    $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']);
     $client->setAccessToken($token);
 
     // store in the session also
@@ -65,6 +65,7 @@
         unset($_SESSION['upload_token']);
     }
 } else {
+    $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier();
     $authUrl = $client->createAuthUrl();
 }
 

diff --git a/examples/large-file-upload.php b/examples/large-file-upload.php
@@ -53,7 +53,7 @@
  * bundle in the session, and redirect to ourself.
  ************************************************/
 if (isset($_GET['code'])) {
-    $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
+    $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']);
     $client->setAccessToken($token);
 
     // store in the session also
@@ -70,6 +70,7 @@
         unset($_SESSION['upload_token']);
     }
 } else {
+    $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier();
     $authUrl = $client->createAuthUrl();
 }
 

diff --git a/examples/multi-api.php b/examples/multi-api.php
@@ -54,7 +54,7 @@
  * bundle in the session, and redirect to ourself.
  ************************************************/
 if (isset($_GET['code'])) {
-    $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
+    $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']);
     $client->setAccessToken($token);
 
     // store in the session also
@@ -71,6 +71,7 @@
         unset($_SESSION['multi-api-token']);
     }
 } else {
+    $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier();
     $authUrl = $client->createAuthUrl();
 }
 

diff --git a/examples/simple-file-upload.php b/examples/simple-file-upload.php
@@ -53,7 +53,7 @@
  * bundle in the session, and redirect to ourself.
  ************************************************/
 if (isset($_GET['code'])) {
-    $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
+    $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']);
     $client->setAccessToken($token);
 
     // store in the session also
@@ -70,6 +70,7 @@
         unset($_SESSION['upload_token']);
     }
 } else {
+    $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier();
     $authUrl = $client->createAuthUrl();
 }
 

diff --git a/src/Client.php b/src/Client.php
@@ -240,9 +240,10 @@ public function authenticate($code)
      * Helper wrapped around the OAuth 2.0 implementation.
      *
      * @param string $code code from accounts.google.com
+     * @param string $codeVerifier the code verifier used for PKCE (if applicable)
      * @return array access token
      */
-    public function fetchAccessTokenWithAuthCode($code)
+    public function fetchAccessTokenWithAuthCode($code, $codeVerifier = null)
     {
         if (strlen($code) == 0) {
             throw new InvalidArgumentException("Invalid code");
@@ -251,6 +252,9 @@ public function fetchAccessTokenWithAuthCode($code)
         $auth = $this->getOAuth2Service();
         $auth->setCode($code);
         $auth->setRedirectUri($this->getRedirectUri());
+        if ($codeVerifier) {
+            $auth->setCodeVerifier($codeVerifier);
+        }
 
         $httpHandler = HttpHandlerFactory::build($this->getHttpClient());
         $creds = $auth->fetchAuthToken($httpHandler);