With the new Google Identity sign-in (March 2023), I cannot decode the JWT at the login_uri (the application's endpoint) with base64_decode and json_decode.

The $_POST['credential'] value is the JSON Web Token returned by the Google Identity callback API, handled in the HTML and in the application's developer console.

In the controller (the route is the URL given as the callback URL in the Google console for the API and the application):

#[Route('/connect/google/check', name: 'connect_google_check')]
public function connectCheckAction(Request $request): Response
{
    // The credential is the ID token Google POSTs to login_uri.
    $jwt = $request->request->get('credential');
    $match = explode('.', $jwt);

    // Segments are header.payload.signature; dd() shows what each one decodes to.
    dd(json_decode(base64_decode($match[0])), json_decode(base64_decode($match[1])), json_decode(base64_decode($match[2])));
}

gives:

{#1152 ▼
+"alg": "RS256"
+"kid": "ba079b4202641e54abced8fb1354ce03919fb294"
+"typ": "JWT"
},
null,
null

My HTML is:

<script nonce="{{ csp_nonce() }}" src="https://accounts.google.com/gsi/client" async defer></script>
<meta name="google-signin-client_id" content="1671-a7dkj7lut6mhipeh94p618nej2peeg30.apps.googleusercontent.com">
<div class="link-connect">
    <div id="g_id_onload"
         data-client_id="1671-a7dkj7lut6mhipeh94p618nej2peeg30.apps.googleusercontent.com"
         data-login_uri="https://monticketperso.fr/login"
         data-auto_prompt="false"
         data-callback="handleCredentialResponse">
    </div>
    <div class="g_id_signin"
         data-type="standard"
         data-size="large"
         data-theme="outline"
         data-text="sign_in_with"
         data-shape="rectangular"
         data-logo_alignment="left">
    </div>
</div>

My Google auth2 is Google+ (Google Identity SDK): https://developers.google.com/identity/gsi/web/guides/overview

My application's shared configuration is:

.../auth/userinfo.email 
.../auth/userinfo.profile       
openid

So no authorization integration is needed, only authentication has to be implemented!!? I don't know why json_decode(base64_decode($match[1])) and json_decode(base64_decode($match[2])) don't work! Any idea for fixing this error would be welcome... Many thanks. Regards

Result of dd in the controller

It now works without a bundle:

// JWT segments use base64url (RFC 4648 section 5): '-' and '_' instead of '+' and '/', no '=' padding.
// PHP's base64_decode silently drops '-' and '_', so the segments must be translated first.
function base64url_decode(string $base64url): string
{
    $base64 = strtr($base64url, '-_', '+/');
    return base64_decode($base64);
}

$jwt = $request->request->get('credential');
$match = explode('.', $jwt);

// Second segment = claims payload. The third segment (the signature) is not checked here,
// so these claims are whatever the client chose to POST.
$payload = base64url_decode($match[1]);
$payloadObject = json_decode($payload);
$verif = $payloadObject->email_verified;
$email = $payloadObject->email;

But now, to authenticate the user, I get an empty X-AUTH-TOKEN header returned in the POST callback... The authenticate function is as follows:

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;

public function authenticate(Request $request): PassportInterface
{
    $apiToken = $request->headers->get('X-AUTH-TOKEN');
    if (null === $apiToken) {
        // The token header was empty, authentication fails with HTTP Status
        // Code 401 "Unauthorized"
        throw new CustomUserMessageAuthenticationException('No API token provided');
    }
    // The header value is used as the user identifier handed to the user provider.
    return new SelfValidatingPassport(new UserBadge($apiToken));
}

and the POST request has no X-AUTH-TOKEN header:

dd($request->headers->get('X-AUTH-TOKEN'));
//null

I found many results on Google, but some of them were of no use... Any ideas? Many thanks. Regards

Finally, I recreated an Authenticator for Google and bypassed the need for the X-AUTH-TOKEN header, so I authenticate the user through the Google controller, which inserts the user if it does not exist, and my Authenticator adds the user during the authentication process:

in src/Controller/GoogleController.php:

use Symfony\Component\HttpFoundation\Request;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use App\Security\GoogleAuthenticator;

class GoogleController extends AbstractController
{
    #[Route('/connect/google/check', name: 'connect_google_check')]
    public function connectCheckAction(Request $request, UserPasswordHasherInterface $userPasswordHasher, UserAuthenticatorInterface $userAuthenticator, EntityManagerInterface $entityManager, GoogleAuthenticator $authenticator): Response
    {
        //... decode the credential, look the user up by e-mail, persist it if it does not exist yet
        //...
        // Logs $existingUser in on the current firewall. authenticateUser() builds the passport
        // from the user object itself, so the authenticator's authenticate() is not called here.
        $userAuthenticator->authenticateUser(
            $existingUser,
            $authenticator,
            $request
        );
        //...
    }
}

and src/Security/GoogleAuthenticator.php:

namespace App\Security;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;

class GoogleAuthenticator extends AbstractAuthenticator
{
    public function __construct(private RouterInterface $router)
    {
    }

    public function supports(Request $request): ?bool
    {
        // Google's form POST to login_uri carries the ID token in the "credential" field.
        return $request->request->has('credential');
    }

    public function authenticate(Request $request): PassportInterface
    {
        $jwt = (string) $request->request->get('credential');
        $match = explode('.', $jwt);
        if (count($match) !== 3) {
            throw new CustomUserMessageAuthenticationException('Malformed credential');
        }

        // Second segment is the claims payload. The header and signature segments are never
        // inspected, so the token's signature is NOT verified here: any client can POST a
        // payload it wrote itself with email_verified set to true.
        $payload = $this->base64urlDecode($match[1]);
        $payloadObject = json_decode($payload);

        if ($payloadObject !== null && $payloadObject->email_verified === true) {
            // The e-mail taken from the JWT is the identifier handed to the user provider.
            return new SelfValidatingPassport(new UserBadge($payloadObject->email));
        }

        throw new CustomUserMessageAuthenticationException('No API token provided');
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
    {
        // null lets the request continue to the controller.
        return null;
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        return new RedirectResponse($this->router->generate('error404'));
    }

    // JWT segments are base64url: '-' and '_' instead of '+' and '/', no '=' padding.
    private function base64urlDecode(string $base64url): string
    {
        return base64_decode(strtr($base64url, '-_', '+/'));
    }

    // public function start(Request $request, AuthenticationException $authException = null): Response
    // {
    //     /*
    //      * If you would like this class to control what happens when an anonymous user accesses a
    //      * protected page (e.g. redirect to /login), uncomment this method and make this class
    //      * implement Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface.
    //      *
    //      * For more details, see https://symfony.com/doc/current/security/experimental_authenticators.html#configuring-the-authentication-entry-point
    //      */
    // }
}

and in config/packages/security.yaml:

security:
    firewalls:
        main:
            custom_authenticators:
                - App\Security\AppCustomAuthenticator
                - App\Security\GoogleAuthenticator
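The decoding in the updates above answers the original question (the segments are base64url, and the third one is a raw RSA signature, not JSON), but nothing in the controller or the authenticator checks who signed the token: the claims are used as posted, so any client can submit a hand-made credential with email_verified set to true and whatever e-mail it wants. The block below is an added example, not the question's own code, of the server-side checks Google's Sign-In guide requires before the credential is trusted: the RS256 signature against Google's published certificates (looked up by kid from https://www.googleapis.com/oauth2/v1/certs, which returns PEM X.509 certificates), then iss, aud, exp, and only then email_verified, plus the g_csrf_token double-submit cookie that accompanies the form POST to login_uri. GOOGLE_CLIENT_ID is a placeholder and the function names are this example's own; it is plain PHP with no Symfony dependency so it can be dropped into either the controller or authenticate().

```php
<?php
// Added example (not the question's code): verify a Google Identity Services ID token
// server-side before trusting any claim in it. Assumptions: GOOGLE_CLIENT_ID is a
// placeholder, certificates come from Google's documented v1 certs endpoint (PEM X.509,
// keyed by "kid"), and the request is Google's form POST to login_uri, which carries
// "credential" and "g_csrf_token" plus a cookie of the same name.
declare(strict_types=1);

const GOOGLE_CLIENT_ID = 'YOUR-CLIENT-ID.apps.googleusercontent.com'; // placeholder
const GOOGLE_CERTS_URL = 'https://www.googleapis.com/oauth2/v1/certs';

// JWT segments are base64url (RFC 4648 section 5): '-' '_' alphabet, '=' padding stripped.
// Non-strict base64_decode silently drops '-' and '_', shifting every following bit, which
// is why json_decode(base64_decode($segment)) in the question returned null.
function base64url_decode(string $data): string
{
    $data = strtr($data, '-_', '+/');
    $padded = str_pad($data, strlen($data) + (4 - strlen($data) % 4) % 4, '=');
    $decoded = base64_decode($padded, true);
    if ($decoded === false) {
        throw new InvalidArgumentException('segment is not valid base64url');
    }
    return $decoded;
}

// Google's current signing certificates, keyed by kid. Cache this in production and
// honour the Cache-Control max-age Google sends; keys rotate.
function google_certs(): array
{
    $json = file_get_contents(GOOGLE_CERTS_URL);
    if ($json === false) {
        throw new RuntimeException('could not fetch Google certs');
    }
    return json_decode($json, true, 512, JSON_THROW_ON_ERROR);
}

// Returns the verified claims or throws. $now is injected so the check is testable.
function verify_google_id_token(string $jwt, array $certs, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new UnexpectedValueException('token must have three segments');
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(base64url_decode($h), true, 512, JSON_THROW_ON_ERROR);
    $claims = json_decode(base64url_decode($p), true, 512, JSON_THROW_ON_ERROR);
    $sig = base64url_decode($s); // raw RSA signature bytes, never JSON

    // 1. Pin the algorithm: the token must not get to choose ("none", HS256 with the public key, ...).
    if (($header['alg'] ?? null) !== 'RS256') {
        throw new UnexpectedValueException('unexpected alg');
    }
    // 2. Signature over the exact "header.payload" bytes as sent, with the key named by kid.
    $pem = $certs[$header['kid'] ?? ''] ?? null;
    if ($pem === null) {
        throw new UnexpectedValueException('unknown kid');
    }
    $key = openssl_pkey_get_public($pem);
    if ($key === false || openssl_verify("$h.$p", $sig, $key, OPENSSL_ALGO_SHA256) !== 1) {
        throw new UnexpectedValueException('bad signature');
    }
    // 3. Claims: issuer, audience (our own client ID), lifetime with a little clock skew.
    if (!in_array($claims['iss'] ?? null, ['accounts.google.com', 'https://accounts.google.com'], true)) {
        throw new UnexpectedValueException('bad iss');
    }
    if (($claims['aud'] ?? null) !== GOOGLE_CLIENT_ID) {
        throw new UnexpectedValueException('token issued for another client');
    }
    if (!isset($claims['exp'], $claims['iat']) || $claims['exp'] <= $now || $claims['iat'] > $now + 60) {
        throw new UnexpectedValueException('token expired or not yet valid');
    }
    // 4. Only now does email_verified mean anything.
    if (($claims['email_verified'] ?? false) !== true) {
        throw new UnexpectedValueException('email not verified by Google');
    }
    return $claims;
}

// Google's double-submit CSRF check: the POST field must equal the cookie of the same name.
function check_g_csrf(array $post, array $cookie): void
{
    if (empty($post['g_csrf_token']) || empty($cookie['g_csrf_token'])
        || !hash_equals($cookie['g_csrf_token'], $post['g_csrf_token'])) {
        throw new RuntimeException('g_csrf_token missing or mismatched');
    }
}

// Usage inside the Symfony controller or authenticate():
// check_g_csrf($request->request->all(), $request->cookies->all());
// $claims = verify_google_id_token($request->request->get('credential'), google_certs(), time());
// $identifier = $claims['sub']; // stable per Google account; the e-mail can change
```

Key the user on the sub claim rather than the e-mail, since Google documents sub as the stable identifier. If the google/apiclient package is available, Google\Client::verifyIdToken() performs the same signature, issuer, audience and expiry checks and returns the claims array (or false), which avoids maintaining the certificate fetch and cache by hand.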

Latest update