I'm currently trying to implement a forgot password feature using the Google Identity Toolkit. The PHP backend is trying to get the oob code because the client (iOS) does not have sufficient privileges.
Whenever I run the script I get an error of INVALID_CREDENTIALS, more specifically:
oob Code: string(249) "{ "error": { "errors": [ { "domain": "global", "reason": "authError", "message": "Invalid Credentials", "locationType": "header", "location": "Authorization" } ], "code": 401, "message": "Invalid Credentials" } } "
I am not sure where to get the authToken or whether this is sending the post request correctly.
<?php
//Token placeholder; it is sent in the Authorization header, the location named in the 401 response
$authToken = "xxxxxxxxxxxxxxxxx";
$email = $_POST['email'];
$uIp = $_POST['ip'];
//Post Data in Array
$postData = array(
    'kind' => 'identitytoolkit#relyingparty',
    'requestType' => 'PASSWORD_RESET',
    'email' => $email, //the submitted address itself (PHP does not interpolate inside single quotes)
    'challenge' => 'verified',
    'captchaResp' => 'verified',
    'userIp' => $uIp, //the submitted IP itself, for the same reason
    'newEmail' => 'null',
    'idToken' => 'null'
);
//Setup cURL
$ch = curl_init('https://www.googleapis.com/identitytoolkit/v3/relyingparty/getOobConfirmationCode?key=xxxxxxxxxxxxxxxxxxxx');
curl_setopt_array($ch, array(
    CURLOPT_POST => TRUE,
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_HTTPHEADER => array(
        'Authorization: '.$authToken,
        'Content-Type: application/json'
    ),
    CURLOPT_POSTFIELDS => json_encode($postData)
));
//Send Request
$response = curl_exec($ch);
This documentation on the Google API PHP client shows you how to get an OAuth token for your app.
However, you will probably find it easier to use the Identity Toolkit specific PHP client. To generate the forgot-password link, all you need to do is call the getOobResults() method on an initialized GitkitClient.
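The request from the question with the token sent under the OAuth 2.0 Bearer scheme, as an added example that is not part of the original post or of Google's client libraries. The helper names buildPasswordResetRequest and isAuthError, the sample address, IP and token placeholder are assumptions made for illustration; the access token is assumed to have been obtained as the answer describes.

```php
<?php
// Added example: helper names are hypothetical, not part of any Google library.

// Build the headers and JSON body for a PASSWORD_RESET request.
// $accessToken is assumed to be an OAuth 2.0 access token obtained elsewhere.
function buildPasswordResetRequest(string $email, string $userIp, string $accessToken): array
{
    // Reject malformed input before it reaches the API.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    if (filter_var($userIp, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('invalid IP address');
    }
    return [
        'headers' => [
            'Authorization: Bearer ' . $accessToken, // RFC 6750 bearer scheme
            'Content-Type: application/json',
        ],
        // Body keeps the question's fields except the two set to the string 'null'
        // (assumption: newEmail and idToken are not needed for PASSWORD_RESET).
        'body' => json_encode([
            'kind'        => 'identitytoolkit#relyingparty',
            'requestType' => 'PASSWORD_RESET',
            'email'       => $email,
            'challenge'   => 'verified',
            'captchaResp' => 'verified',
            'userIp'      => $userIp,
        ], JSON_THROW_ON_ERROR),
    ];
}

// True when a response body is the 401 error envelope shown in the question.
function isAuthError(string $responseBody): bool
{
    $decoded = json_decode($responseBody, true);
    return is_array($decoded) && ($decoded['error']['code'] ?? null) === 401;
}

// Constructed sample values. In a real handler, take the IP from
// $_SERVER['REMOTE_ADDR'] rather than from a client-supplied POST field.
$req = buildPasswordResetRequest('user@example.com', '203.0.113.7', 'ACCESS_TOKEN_PLACEHOLDER');
echo $req['headers'][0], "\n", $req['body'], "\n";

// The 401 body from the question, abbreviated to the fields checked here.
$sample401 = '{"error":{"code":401,"message":"Invalid Credentials"}}';
var_dump(isAuthError($sample401));
```

The returned headers and body drop into CURLOPT_HTTPHEADER and CURLOPT_POSTFIELDS of the cURL call in the question.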