I have a question about the OAuth 2.0 process.
I would like to achieve something like Stack Overflow's "Log in with Google account" feature.
I'm using the PHP library from Google.
I'm OK with retrieving the refresh token and the access token.
So far so good. My question is: when the user logs out from my website and clicks the button again, how am I supposed to know who the user is, so that I can retrieve the right refresh token from the DB?
I thought about keeping the email in a cookie, but Stack Overflow doesn't seem to do that: I cleared my cookies, yet Stack Overflow keeps logging me in when I click the button, without showing the Google "Application scope authorization" page again.
Am I missing something ?
Is there an API that allows me to get the user's email without a token?
Maybe the refresh token should only be used with a mobile app, where you know who the user is?
What I want to achieve is relatively simple: the user clicks sign-in, and the first time they have to approve the application. Once that is done, I would like to automatically connect the user whenever the sign-in button is clicked.
Thanks for any information on that.
https://developers.google.com/accounts/docs/OAuth2Login describes exactly how to achieve sign-in using Google / OAuth2.
When the user clicks on the sign-in button for the first time and enters their login details, OAuth returns all the user data, including the email and the Google ID. So you can store the Google ID in the database together with the email. When the user logs out and clicks the sign-in button again, OAuth retrieves the data again, so you can check the Google ID returned by OAuth against the Google IDs present in your DB.
What you need to do is set up a persistent cookie with a unique ID and create an entry in your database that associates that ID with the logged-in user.
Obviously, the first time the user logs in to your site using OAuth, you need to create the user's record in your database.
You also need to redirect to the right Google OAuth endpoint to retrieve a token for offline access, or else the token will expire after a while and cannot be renewed automatically.
I have written an article precisely on this: getting Google OAuth tokens for offline usage and keeping them valid and renewable for as long as you want. The article is about a class that I wrote with all the code to do that, including storing the tokens in a database.
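The account-linking and persistent-cookie scheme described in the two answers above, as an added example that is not part of any answer on this page. It is written in Python rather than the asker's PHP and uses an in-memory dict in place of a database; the profile and token-response dicts fed to it are constructed to mirror the shape of what Google returns (the stable account ID is "sub" in an OpenID Connect response and "id" in the older userinfo response). The returning user is identified by that ID rather than by email, the refresh token stays server-side keyed by that ID, and the browser gets a random opaque cookie whose hash, not its value, is stored, so neither an email-in-a-cookie nor a leaked sessions table can be replayed. Names such as Store, on_google_login and user_from_cookie are this example's own.

```python
import hashlib
import secrets
import time

SESSION_TTL = 30 * 24 * 3600  # lifetime of the persistent "remember me" cookie, seconds


class Store:
    """In-memory stand-in for two database tables (assumption made for this
    example; a real deployment would persist these and encrypt refresh tokens at rest)."""

    def __init__(self):
        # google account id -> account record (email, refresh token)
        self.users = {}
        # sha256(cookie value) -> session record (account id, expiry)
        self.sessions = {}


def cookie_hash(cookie):
    """Only a hash of the cookie value is stored: a leaked table does not
    hand out usable cookies."""
    return hashlib.sha256(cookie.encode()).hexdigest()


def account_id(userinfo):
    """Stable account identifier: 'sub' (OpenID Connect) or 'id' (old userinfo).
    Email is not used as the key: it can change, which would orphan the stored
    refresh token and could let a re-used address inherit someone else's account."""
    return userinfo.get("sub") or userinfo["id"]


def on_google_login(store, userinfo, token_response, now):
    """Called in the OAuth callback after the authorization code was exchanged.
    `userinfo` is the profile Google returned for that access token,
    `token_response` is Google's token JSON. Returns the cookie value to set."""
    sub = account_id(userinfo)
    rec = store.users.setdefault(sub, {"email": None, "refresh_token": None})
    rec["email"] = userinfo["email"]
    # Google issues a refresh token only on the first grant (or when the consent
    # prompt is forced); later sign-ins omit it, so an existing token must not be
    # overwritten with nothing.
    if token_response.get("refresh_token"):
        rec["refresh_token"] = token_response["refresh_token"]
    return issue_session(store, sub, now)


def issue_session(store, sub, now):
    """Random 256-bit opaque cookie; the plain value never reaches the database."""
    cookie = secrets.token_urlsafe(32)
    store.sessions[cookie_hash(cookie)] = {"sub": sub, "expires": now + SESSION_TTL}
    return cookie


def user_from_cookie(store, cookie, now):
    """Resolve a persistent cookie to an account id, or None if unknown or expired."""
    sess = store.sessions.get(cookie_hash(cookie))
    if sess is None or sess["expires"] <= now:
        return None
    return sess["sub"]


def refresh_token_for(store, cookie, now):
    """Refresh token for the returning user, or None if the cookie does not
    resolve (the user then has to go through Google sign-in again)."""
    sub = user_from_cookie(store, cookie, now)
    if sub is None:
        return None
    return store.users[sub]["refresh_token"]


def logout(store, cookie):
    """Server-side invalidation; clearing the browser cookie alone is not enough."""
    store.sessions.pop(cookie_hash(cookie), None)


def set_cookie_header(cookie):
    """Attributes a persistent login cookie should carry."""
    return f"sid={cookie}; Max-Age={SESSION_TTL}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    store = Store()
    now = int(time.time())
    # Constructed responses for a first sign-in: consent granted, refresh token issued.
    first_profile = {"sub": "110169484474386276334", "email": "alice@example.com"}
    first_tokens = {"access_token": "access-token-1", "refresh_token": "refresh-token-1", "expires_in": 3599}
    cookie = on_google_login(store, first_profile, first_tokens, now)
    print(set_cookie_header(cookie))
    print("returning user:", user_from_cookie(store, cookie, now))
    print("refresh token on file:", refresh_token_for(store, cookie, now))
```

When the cookie is absent or does not resolve, the app simply sends the user through the Google sign-in flow again; because Google remembers the earlier grant, that round trip does not show the consent page, which is the behaviour the question observed on Stack Overflow, and the "sub" it returns is what lets you find the stored refresh token without ever trusting a client-supplied email.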
Choose this procedure if you prefer to just update your OAuth 2.0 login (OpenID Connect) implementation.
Change endpoint: You can replace the userinfo endpoint with the people.get endpoint by using the following HTTP request path:
If you instead need OpenID Connect format, replace userinfo endpoint with the people.getOpenIdConnect endpoint by using the following HTTP request path:
Change scope: If your app is currently using the https://www.googleapis.com/auth/userinfo.profile scope, you can switch to the profile scope. Your app gets the same profile info that it got before, so your users will not be required to re-consent.
Migrate how your app gets email addresses: If you use the userinfo endpoint to get user email addresses, you can migrate how your app gets email addresses.