search

suresh2127 / google-api-php-client

Automatically exported from code.google.com/p/google-api-php-client
Apache License 2.0
0 stars 0 forks source link

Having to Reauthorize my site EVERY time #35

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Okay, I used the sample code to dump my profile. But every time I have a 
different page try and loud my profile I have to reauthorize it to use my 
google account.  I figured this would be a one time auth process.  My code is 
literally the same on each page.  Pages being index.php or profile.php.  The 
Domain is the same every time. 

So in summary: if I load http://www.mydomain.com it takes me to that connect me 
button and then we I go to http://wwww.mydomain.com/profile.php I get sent to 
the connect me button again.  Should that be happening?

  $authUrl = $client->createAuthUrl();
  print "<a class='login' href='$authUrl'>Connect Me!</a>";

Original issue reported on code.google.com by tommy.r....@gmail.com on 9 Oct 2011 at 8:39

GoogleCodeExporter commented 9 years ago 
The sample code saves everything in a session cookie. It looks like you want to 
spin up a database to save the accessToken. Basically everything stored in 
$_SESSION should be removed and swapped with a database.

The next step is to identify the user visiting your website.  This means you 
want to implement an *authentication* system in PHP.

If you are starting from scratch, I would recommend looking at the following 
frameworks that do it for you.

http://symfony.com/doc/2.0/book/security.html
http://codeigniter.com/user_guide/libraries/sessions.html
http://book.cakephp.org/view/1250/Authentication

Once you are able to identify a user visiting your website, you can then 
associate a google+ id, access token, etc with the user visiting your website.

There's a discussion about this on the Google+ Platform mailing list:
https://groups.google.com/forum/#!topic/google-plus-developers/U4SLlbEz9BE
https://groups.google.com/forum/#!topic/google-plus-developers/Qo-veKiARI0

Original comment by chiragsh...@gmail.com on 9 Oct 2011 at 10:37

GoogleCodeExporter commented 9 years ago 
Thanks for your reply although half of it really doesn't make sense to me.  
Basically once I approve a domain or application to access my google plus 
information that application shouldn't have to ever be authorized again.  At 
least thats the ideal way.  So what I'm gathering from you is that once that 
"Connect Me" button is clicked the first time I should store the returned info 
that authorizes the application somewhere and then every time the application 
is loaded pull that info from the database and not that google + authorization??

Original comment by tommy.r....@gmail.com on 10 Oct 2011 at 1:09