I am developing an android application with google plus login. When the user try to login, I send the token to the server and verify it with google API using the official Official Google APIs Client Library for PHP
The error happened when I try to authenticate the access token, so i debug it and logged the response of the request result:
object(Google_Http_Request)#5 (14) { ["batchHeaders":"Google_Http_Request":private]=> array(3) { ["Content-Type"]=> string(16) "application/http" ["Content-Transfer-Encoding"]=> string(6) "binary" ["MIME-Version"]=> string(3) "1.0" } ["queryParams":protected]=> array(0) { } ["requestMethod":protected]=> string(4) "POST" ["requestHeaders":protected]=> array(2) { ["content-type"]=> string(33) "application/x-www-form-urlencoded" ["content-length"]=> int(254) } ["baseComponent":protected]=> string(27) "https://accounts.google.com" ["path":protected]=> string(15) "/o/oauth2/token" ["postBody":protected]=> string(254) "code=ya29.2QAkG7lKto3jZk-6ASgU0MUw_Wy7MdecJTudTkHC4D_XXXXXXFoDHct7C1g&grant_type=authorization_code&redirect_uri=&client_id=547769313690-XXXX.apps.googleusercontent.com&client_secret=hmOBOZk6EDJo-HVq4AMaIUwY" ["userAgent":protected]=> string(0) "" ["canGzip":protected]=> bool(false) ["responseHttpCode":protected]=> int(400) ["responseHeaders":protected]=> array(11) { ["content-type"]=> string(16) "application/json" ["cache-control"]=> string(46) "no-cache, no-store, max-age=0, must-revalidate" ["pragma"]=> string(8) "no-cache" ["expires"]=> string(29) "Fri, 01 Jan 1990 00:00:00 GMT" ["date"]=> string(29) "Thu, 11 Dec 2014 11:53:39 GMT" ["x-content-type-options"]=> string(7) "nosniff" ["x-frame-options"]=> string(10) "SAMEORIGIN" ["x-xss-protection"]=> string(13) "1; mode=block" ["server"]=> string(3) "GSE" ["alternate-protocol"]=> string(15) "443:quic,p=0.02" ["transfer-encoding"]=> string(7) "chunked" } ["responseBody":protected]=> string(80) "{ "error" : "invalid_grant", "error_description" : "Incorrect token type." }" ["expectedClass":protected]=> NULL ["accessKey"]=> NULL }
and here is my PHP code:
<?php
$google_client_id = 'XXX.apps.googleusercontent.com';
$google_client_secret = 'XXX-HVq4AMaIUwY';
$google_redirect_url = 'xxx';
$google_developer_key = 'XXXXXXXXX';
$google_application_name = 'XXX Login';
$google_application_scope = 'https://www.googleapis.com/auth/plus.me'; /* I only needed the basic user info */
$google_redirect_uri='';
//include google api files
require_once 'vendor/autoload.php';
$gClient = new Google_Client();
$gClient->setApplicationName($google_application_name);
$gClient->setClientId($google_client_id);
$gClient->setClientSecret($google_client_secret);
//$gClient->setRedirectUri($google_redirect_uri);
$gClient->setScopes($google_application_scope);
// $gClient->setDeveloperKey($google_developer_key);
//$gClient->setAccessType('offline');
$gClient->authenticate("ya29.2QAkG7lKto3jZk-6ASgU0MUw_Wy7MdecJTudTkHC4D_XXXXXX");
$token = json_decode($gClient->getAccessToken());
$google_oauthV2 = new Google_Service_Oauth2($gClient);
$user_info = $google_oauthV2->userinfo->get();
var_dump($user_info);
die();
I recently achieved the same thing with the help of the tutorial at http://www.sanwebe.com/2012/11/login-with-google-api-php
It appears that you've missed part of the OAuth flow. The authenticate function expects to receive the token sent from Google upon login.
It may also avoid potential issues to enter a valid redirect URI.
Hope that helps.