Basically I'm backend developer of Laravel. I want to create accessToken for video call using Twilio, front-end is mobile app (Flutter) backend is Laravel.
Twilio developer evangelist here.
As mentioned in these docs, you can generate an access token
on the Testing Tools page of the Twilio Console
with a Twilio helper library
In PHP, that'd look like
<?php
// Get the PHP helper library from twilio.com/docs/php/install
require_once '/path/to/vendor/autoload.php'; // Loads the library
use Twilio\Jwt\AccessToken;
use Twilio\Jwt\Grants\VideoGrant;
// Required for all Twilio access tokens
$twilioAccountSid = 'ACxxxxxxxxxxxx';
$twilioApiKey = 'SKxxxxxxxxxxxx';
$twilioApiSecret = 'xxxxxxxxxxxxxx';
// A unique identifier for this user
$identity = "alice";
// The specific Room we'll allow the user to access
$roomName = 'DailyStandup';
// Create access token, which we will serialize and send to the client
$token = new AccessToken($twilioAccountSid, $twilioApiKey, $twilioApiSecret, 3600, $identity);
// Create Video grant
$videoGrant = new VideoGrant();
$videoGrant->setRoom($roomName);
// Add grant to token
$token->addGrant($videoGrant);
// render token to string
echo $token->toJWT();
Depending on what your Twilio Video app looks like, you may be able to do something like what I did in JavaScript here with the Twilio CLI.
Let me know if this helps at all!
Related
We've put together a google hangouts chat bot to provide some convenient functionality for our team. The bot is of the 'bot URL' variety, meaning that hangouts sends requests to an app endpoint and our app responds appropriately. At the moment, we're struggling to now validate the incoming requests from google. Each request has a bearer token in the Authentication header, but that JWT token does not validate. Both the php client library [https://github.com/googleapis/google-api-php-client] and the online validator [https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=] return the error 'invalid signature'
The google client php library's Google_AccessToken_Verify class has a verifyIdToken method which we use as described here in this example [https://github.com/GoogleCloudPlatform/php-docs-samples/blob/master/auth/src/auth_cloud_explicit.php]. We pass the path of our service account key file and the project ID into the google client constructor. Then we pass the incoming request's bearer token into the verifyIdToken method.
use Google_Client;
// inside a laravel controller with $request in scope
$bearer_token = $request->bearerToken();
$keyPath = FILE_LOCATION
$client = new Google_Client([
'keyFilePath' => $keyPath,
'projectId' => GCP_CLIENT_ID
]);
$payload = $client->verifyIdToken($bearer_token);
if(!empty($payload)){
return $this->call(ParseGoogleChatRequest::class, [$request]);
}else{
\Log::debug('bad token');
}
I expect the google client library to be able to validate a google JWT. This github issue [https://github.com/firebase/php-jwt/issues/175] reflects our experience implementing this approach. I would like to get some general guidance on which approach we should be using.
I figured out an acceptable solution with the help of another SO question. The google client library was already importing firebase/php-jwt, so I followed along the same lines as Jed from the question I linked to. Extracting the KID from the token, I used it to identify the correct public key from this url. Then I instantiated the php-jwt library and called the decode method on it, passing the required arguments. The decode method also verifies the signature and returns the components of the JWT on success.
I am trying to use googleapis_auth flutter package to obtain credentials, but stick with var scopes = [...]; what does I need to fill in the var scopes
import "package:googleapis_auth/auth_browser.dart";
...
var id = new ClientId("....apps.googleusercontent.com", null);
var scopes = [...];
// Initialize the browser oauth2 flow functionality.
createImplicitBrowserFlow(id, scopes).then((BrowserOAuth2Flow flow) {
flow.obtainAccessCredentialsViaUserConsent()
.then((AccessCredentials credentials) {
// Credentials are available in [credentials].
...
flow.close();
});
});
Auth scopes express the permissions you request users to authorize for your app. You can get details about what scopes you might need to add to your auth req here
But, googleapis_auth package is meant to be used with web projects only, it can not be used in flutter project.
If you want to implement google auth, try firebase_auth which allows google authentication using firebase backend.
I started a project using the Google API signin mixed with an angularJS+Firebase app.
What I would like to do is to be able to send an e-mail from one person to another programmatically.
Example: John is logged in, clicks on a button which sends an email to Rachel. But that email is sent using the stored token from Ted, not John's account.
It seems possible using the php library which is not an option here.
So far, I get the token easily using these few lines:
var GoogleAuth = gapi.auth2.getAuthInstance();
GoogleAuth.grantOfflineAccess({
scope: 'https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/drive https://mail.google.com/ profile email'
}).then(function(resp) {
console.log(resp);
this.storeToken(resp.code);
});
Is it actually possible ?
A quick search just got me results for php or about how you get a token with the JS library... not how to use it !
From my understanding you want to use a refresh token ( offline access ) to send an email from Ted's account via Javascript.
Sadly this is not possible client side. What your code gives you is a 'code' that you can send to your server using a $http.post () and trade with Google server side for a refresh token.
Here is a guide for how to change that code into a refresh token.
While you can do this client side it would involve exposing your client secret which you should never do.(https://developers.google.com/identity/sign-in/web/server-side-flow)
Every time John wants to send an email from Ted's account your application will have to send a request to your server that:
Sends a request to google with the refresh token and generates an access token (https://developers.google.com/identity/protocols/OAuth2WebServer#offline)
Sends a seccond request to google using the access token to send the email from Ted's account
I hope that this helped.
I am making an ajax controlled website, in which I use the Javascript SDK for Google to authenticate my users, and gain access to their google contacts. What I intend to do, is the following:
Authenticate the user in the browser, withour redirecting and ask for access to their Contact list, and access to manage their Contacts.
Store the user id in my database if he/she granted me the access, together with a refresh token, which if I am not mistaking, I can only get via server side.
Sometime later, if the user wants to see their google contacts via my website, send an ajax request to my server, which ASKS for an access_token from the user, retrieves the data and shows it to the user, or stores it in my own database if the user asks to.
I've managed to complete the first step from these three, I can authenticate a user, and get access to a single access token which is valid for 3600 hours, but I can't figure out how to authenticate a user server side, without redirecting him anywhere. I tried using the Google PHP SDK too, but can't seem to figure out how to do this. I am certain that this is possible somehow, because it is stated in the Google PHP SDK guide:
If we have authenticated on an Android or Javascript web client, we may have aquired a code via a different means. In this case, we just need to exchange it. If it was retrieved via the gapi Javascript client, we need to set the redirect URI postmessage.
$client->setRedirectUri($redirect_uri);
The only problem is I don't understand how to do this. What is $redirect_uri? I don't have a redirect url, becase when I implemented the Javascript SDK, there it said, that I don't have to use a redirect uri, because Javascript authentification is done in the same window, without redirects(just as I want it).
How could I proceed to solve the second and the third step mentioned above? Where could I find a non-hacky or not-very-much-hacky tutorial, to achieve my desired result?
EDIT:
What I basically want to achieve is the following things:
ask for permission to access Google Contacts from the user, WITHOUT redirecting him from my site(via a popup window)
Achieved this with the Javascript SDK
get an access token for this permission, and a refresh token, and STORE these in a database
Javascript SDK only grants an access token, and I don't want to pass this via an ajax call, because I feel this is unsecure
with the refresh token, generate access tokens server side for the user, and process data, and send the data back.
Here is how my PHP file looks at the moment:
$client = new Google_Client();
$client->setClientId($client_id);
$client->setClientSecret($client_secret);
$client->setScopes('https://www.googleapis.com/auth/plus.me');
$client->setRedirectUri($PHP_SELF);
$client->setState('offline');
$authUrl = $client->createAuthUrl();
if (isset($_GET['code'])) {
$client->authenticate($_GET['code']);
$_SESSION['access_token'] = $client->getAccessToken();
$result=$client->getAccessToken();
} else {
header("Location: ".$authUrl);
exit;
}
To achieve what I want, I should get the $_GET['code'] parameter somehow through the Javascript SDK, but I don't know how:|
After a few days of headache I figured this one out too... thanks Google for nothing, your documentation SUCKS.
$client->setRedirectUri($redirect_uri);
The $redirect_uri parameter should be a string: "postmessage", and when authenticating via javascript, you should ask for a CODE instead of a TOKEN, which you then send to your server side script, to authenticate and exchange for a token.
gapi.auth.authorize({client_id: googleApi.clientId, scope: googleApi.scopes, response_type: 'code', immediate: true}, g_handleAuthResult);
I followed this guide to use Google OAuth 2.0 authorization, but I can't understand how to implement request to retrieve access and refresh token in my Application. The code, as that guide say, is the current:
// Request an access token
OAuthAuthorization authorization = new OAuthAuthorization(
"https://accounts.google.com/o/oauth2/auth",
"https://accounts.google.com/o/oauth2/token");
TokenPair tokenPair = await authorization.Authorize(
ClientId,
ClientSecret,
new string[] {GoogleScopes.CloudPrint, GoogleScopes.Gmail});
// Request a new access token using the refresh token (when the access token was expired)
TokenPair refreshTokenPair = await authorization.RefreshAccessToken(
ClientId,
ClientSecret,
tokenPair.RefreshToken);
Where and how can I call this function in a generic Windows Phone application?
(Sorry if there this question it's duplicate, but I try to search and I only find as answers links to generic Google Apis guide)
You call it when it's necessary (when you need to get tokens). After that use official Google libraries to get access to API and provide them data from TokenPair. Plus, remember to get this (https://github.com/pieterderycke/MobileOAuth/blob/master/MobileOAuth/GoogleScopes.cs) in your project, so you can use GoogleScopes.