Dtnand Dtnand - 2 months ago 16
PHP Question

Gmail PHP API gets wrong account emails

I'm developing a PHP that reads the emails from gmail using the Gmail API.

Basically I'm doing exactly as the quickstart page does (https://developers.google.com/gmail/api/quickstart/php).

So firstly I load the client:

require __DIR__ . '/Google/vendor/autoload.php';
$client = new Google_Client();
$client->setAuthConfigFile(__DIR__ . '/client_secret.json');
$client->setAccessType('offline');
$client->setApprovalPrompt('force');
$client->setScopes(Google_Service_Gmail::MAIL_GOOGLE_COM);
$client->setRedirectUri('http://' . $_SERVER['HTTP_HOST'] . '/index.php');


Then if I load the credentials from the db stored using an user id from my app.
If the credentials ar not present I do the redirect as the documentation sais:

$client->setAccessType('offline');
$client->setApprovalPrompt('force');
$auth_url = $client->createAuthUrl();
header('Location: ' . filter_var($auth_url, FILTER_SANITIZE_URL));


After the authorization I get the access token using the code provided by google on my redirect url:

$token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
//storing the data in the db
header('Location: /index.php');


Of course if the token expires I do the refresh during the authentication process:

if($client->isAccessTokenExpired()) {
$refreshToken = $client->getRefreshToken();
$client->fetchAccessTokenWithRefreshToken($refreshToken);
$newToken = $client->getAccessToken();
$newToken['refresh_token'] = $refreshToken;
//store the new token
}


So after this I can access the email list of my user, and it works perfectly.
The problem is that if I log in with my account, I see the correct email, but after loggin in with another account with another user I see the same emails form both accounts.

So for example if I authorize for the user 1 the account smith@gmail.com, then for the user 2 the email seth@gmail.com, in both cases I will see the same emails (from smith@gmail.com).

I have checked if the problem is mine, so if the access token loaded are the same, but is not like that unfortunately, the access tokens are different.

The other crazy thing is that if I refresh a token for the second account (smith@gmail.com), I will see the correct emails, but now seth, will see the smith emails.

What is going on? what I miss?

UPDATE:

I've tried every step and the problem is the access token, I've tried it also in another server but both returns the same emails.

I've also tried to get the auth code with seth@gmail.com and the manually I've retrieved the access token:

$token = $client->fetchAccessTokenWithAuthCode($code);


but no way, also doing this it will keeps authenticating me as the other email.

UPDATE:

The thing is getting stranger, I have tried to remove all part of the config file, and I use it only when I have to retrieve the auth code.

So in the request I pass only the access token array, what happens is that I can see the emails also completely removing the access token, so basically the client looks empty at the moment of the request.

(
[auth:Google_Client:private] =>
[http:Google_Client:private] =>
[cache:Google_Client:private] =>
[token:Google_Client:private] => Array
(
[access_token] => no token what so eva
)

[config:Google_Client:private] => Array
(
[application_name] =>
[base_path] => https://www.googleapis.com
[client_id] =>
[client_secret] =>
[redirect_uri] =>
[state] =>
[developer_key] =>
[use_application_default_credentials] =>
[signing_key] =>
[signing_algorithm] =>
[subject] =>
[hd] =>
[prompt] =>
[openid.realm] =>
[include_granted_scopes] =>
[login_hint] =>
[request_visible_actions] =>
[access_type] => online
[approval_prompt] => auto
[retry] => Array
(
)

)

[logger:Google_Client:private] =>
[deferExecution:Google_Client:private] =>
[requestedScopes:protected] => Array
(
)


)

Answer Source

I solved this by updating the client library to the latest version.