feat: add pkce support and upgrade examples (googleapis#2438)

bshaffer · web-flow · commit bded223ece44 · 2023-05-18T05:59:44.000-06:00
diff --git a/composer.json b/composer.json
@@ -7,7 +7,7 @@
     "license": "Apache-2.0",
     "require": {
         "php": "^7.4|^8.0",
-        "google/auth": "^1.26",
+        "google/auth": "^1.28",
         "google/apiclient-services": "~0.200",
         "firebase/php-jwt": "~6.0",
         "monolog/monolog": "^2.9||^3.0",
diff --git a/examples/idtoken.php b/examples/idtoken.php
@@ -57,7 +57,7 @@
  * bundle in the session, and redirect to ourself.
  ************************************************/
 if (isset($_GET['code'])) {
-    $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
+    $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']);
 
     // store in the session also
     $_SESSION['id_token_token'] = $token;
@@ -77,6 +77,7 @@
 ) {
     $client->setAccessToken($_SESSION['id_token_token']);
 } else {
+    $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier();
     $authUrl = $client->createAuthUrl();
 }
 
diff --git a/examples/large-file-download.php b/examples/large-file-download.php
@@ -48,7 +48,7 @@
  * bundle in the session, and redirect to ourself.
  ************************************************/
 if (isset($_GET['code'])) {
-    $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
+    $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']);
     $client->setAccessToken($token);
 
     // store in the session also
@@ -65,6 +65,7 @@
         unset($_SESSION['upload_token']);
     }
 } else {
+    $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier();
     $authUrl = $client->createAuthUrl();
 }
 
diff --git a/examples/large-file-upload.php b/examples/large-file-upload.php
@@ -53,7 +53,7 @@
  * bundle in the session, and redirect to ourself.
  ************************************************/
 if (isset($_GET['code'])) {
-    $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
+    $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']);
     $client->setAccessToken($token);
 
     // store in the session also
@@ -70,6 +70,7 @@
         unset($_SESSION['upload_token']);
     }
 } else {
+    $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier();
     $authUrl = $client->createAuthUrl();
 }
 
diff --git a/examples/multi-api.php b/examples/multi-api.php
@@ -54,7 +54,7 @@
  * bundle in the session, and redirect to ourself.
  ************************************************/
 if (isset($_GET['code'])) {
-    $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
+    $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']);
     $client->setAccessToken($token);
 
     // store in the session also
@@ -71,6 +71,7 @@
         unset($_SESSION['multi-api-token']);
     }
 } else {
+    $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier();
     $authUrl = $client->createAuthUrl();
 }
 
diff --git a/examples/simple-file-upload.php b/examples/simple-file-upload.php
@@ -53,7 +53,7 @@
  * bundle in the session, and redirect to ourself.
  ************************************************/
 if (isset($_GET['code'])) {
-    $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
+    $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']);
     $client->setAccessToken($token);
 
     // store in the session also
@@ -70,6 +70,7 @@
         unset($_SESSION['upload_token']);
     }
 } else {
+    $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier();
     $authUrl = $client->createAuthUrl();
 }
 
diff --git a/src/Client.php b/src/Client.php
@@ -240,9 +240,10 @@ public function authenticate($code)
      * Helper wrapped around the OAuth 2.0 implementation.
      *
      * @param string $code code from accounts.google.com
+     * @param string $codeVerifier the code verifier used for PKCE (if applicable)
      * @return array access token
      */
-    public function fetchAccessTokenWithAuthCode($code)
+    public function fetchAccessTokenWithAuthCode($code, $codeVerifier = null)
     {
         if (strlen($code) == 0) {
             throw new InvalidArgumentException("Invalid code");
@@ -251,6 +252,9 @@ public function fetchAccessTokenWithAuthCode($code)
         $auth = $this->getOAuth2Service();
         $auth->setCode($code);
         $auth->setRedirectUri($this->getRedirectUri());
+        if ($codeVerifier) {
+            $auth->setCodeVerifier($codeVerifier);
+        }
 
         $httpHandler = HttpHandlerFactory::build($this->getHttpClient());
         $creds = $auth->fetchAuthToken($httpHandler);

Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@`
`48`	`48`	`* bundle in the session, and redirect to ourself.`
`49`	`49`	`************************************************/`
`50`	`50`	`if (isset($_GET['code'])) {`
`51`		`- $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);`
	`51`	`+ $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']);`
`52`	`52`	`$client->setAccessToken($token);`
`53`	`53`
`54`	`54`	`// store in the session also`
`@@ -65,6 +65,7 @@`
`65`	`65`	`unset($_SESSION['upload_token']);`
`66`	`66`	`}`
`67`	`67`	`} else {`
	`68`	`+ $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier();`
`68`	`69`	`$authUrl = $client->createAuthUrl();`
`69`	`70`	`}`
`70`	`71`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@`
`53`	`53`	`* bundle in the session, and redirect to ourself.`
`54`	`54`	`************************************************/`
`55`	`55`	`if (isset($_GET['code'])) {`
`56`		`- $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);`
	`56`	`+ $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']);`
`57`	`57`	`$client->setAccessToken($token);`
`58`	`58`
`59`	`59`	`// store in the session also`
`@@ -70,6 +70,7 @@`
`70`	`70`	`unset($_SESSION['upload_token']);`
`71`	`71`	`}`
`72`	`72`	`} else {`
	`73`	`+ $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier();`
`73`	`74`	`$authUrl = $client->createAuthUrl();`
`74`	`75`	`}`
`75`	`76`
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@`
`54`	`54`	`* bundle in the session, and redirect to ourself.`
`55`	`55`	`************************************************/`
`56`	`56`	`if (isset($_GET['code'])) {`
`57`		`- $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);`
	`57`	`+ $token = $client->fetchAccessTokenWithAuthCode($_GET['code'], $_SESSION['code_verifier']);`
`58`	`58`	`$client->setAccessToken($token);`
`59`	`59`
`60`	`60`	`// store in the session also`
`@@ -71,6 +71,7 @@`
`71`	`71`	`unset($_SESSION['multi-api-token']);`
`72`	`72`	`}`
`73`	`73`	`} else {`
	`74`	`+ $_SESSION['code_verifier'] = $client->getOAuth2Service()->generateCodeVerifier();`
`74`	`75`	`$authUrl = $client->createAuthUrl();`
`75`	`76`	`}`
`76`	`77`