search

thephpleague / oauth2-client

Easy integration with OAuth 2.0 service providers.
http://oauth2-client.thephpleague.com
MIT License
3.64k stars 751 forks source link

Don't get the refresh_token #944

Open onlyu-bot opened 2 years ago

onlyu-bot commented 2 years ago

I get the refresh_token via curl after I revoke/remove the apps access from account(everytime).

<?
//Reference to dbjpanda/google-api.php(https://gist.github.com/dbjpanda/0ba3d73832b25d720398e8f1dce1359b)

$client_id = 'xxx.apps.googleusercontent.com';
$client_secret = 'xxxx';
$redirect_uri = 'https://example.com/get_token.php';
$end_point = 'https://accounts.google.com/o/oauth2/v2/auth';
$token_file="my-token.json";

$authUrl = $end_point.'?'.http_build_query([
    'client_id'              => $client_id,
    'redirect_uri'           => $redirect_uri,
    'scope'                  => 'https://mail.google.com/',
    'access_type'            => 'offline',
    'include_granted_scopes' => 'true',
    'response_type'          => 'code',
]);

echo '<a href = "'.$authUrl.'">Authorize</a></br>';

if ( !file_exists($token_file) ){

    if ( isset($_GET['code'])){
        $code = $_GET['code'];
    }else{
        return;
    } 

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL,"https://accounts.google.com/o/oauth2/token");
    curl_setopt($ch, CURLOPT_POST, TRUE);
    curl_setopt($ch, CURLOPT_HTTPHEADER, [ 'Content-Type: application/x-www-form-urlencoded']);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
        'code'          => $code,
        'client_id'     => $client_id,
        'client_secret' => $client_secret,
        'redirect_uri'  => $redirect_uri,
        'grant_type'    => 'authorization_code',
    ]));

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($ch);
    curl_close ($ch);
}else{
    //and then to use the refresh_token to get a new access_token
}
var_dump($request); // There contains the refresh_token

But I cannot get the refresh_token via thephpleague/oauth2-client after I revoke/remove the apps access from account.

$provider = new \League\OAuth2\Client\Provider\Google([
    'clientId'                => 'xxx.apps.googleusercontent.com',
    'clientSecret'            => 'password',
    'redirectUri'             => 'https://example.com/get_token.php',
    'scopes' => ['https://mail.google.com/'],
    'access_type' => 'offline'
]);
$accessToken = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
]);
var_dump($accessToken->getRefreshToken());  //It is null

What do I miss?

southan commented 2 years ago

Typo: access_type should be accessType in your options array, as per the README