I have two websites, let's say www.abc.com and www.xyz.com. I want to log in on abc.com using Google; I get an access token in the response, and when I decode that token I get something like this:
Now I want to verify that the access token is for www.abc.com and not for www.xyz.com. How can I uniquely identify that? (The same question applies to Apple Login.)
Here is my code:
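// NOTE(review): everything below reads the JWT payload WITHOUT verifying its signature, so the
// azp/aud comparison only tells you which client id the token *claims* to be for; the claims must
// not be trusted until the token has been validated with the issuer (Google's tokeninfo endpoint
// or its JWKS, Apple's published public keys), including `iss` and `exp`. Accepting exactly one
// client id per device/provider is what distinguishes a token issued for www.abc.com from one
// issued for www.xyz.com. Variable names $fmeAccessToken / $tokenParts / $tokenPayload /
// $jwtPayload are kept because the rest of the method (outside this span) may read them — TODO confirm.
if (!isset($post['device']) || !in_array($post['device'], ['ios', 'android', 'huawei'], true)) {
    //translateable string.
    $result[0] = [
        'success' => false,
        'message' => 'There is a processing error.'
    ];
    return $result;
}
// Every device/provider branch performed this check; hoisted so it runs exactly once.
if (!isset($post['fme_access_token']) || empty($post['fme_access_token'])) {
    $result[0] = [
        'success' => false,
        'message' => 'Access Token Is Empty'
    ];
    return $result;
}
$device = $post['device'];
$isGmail = isset($post['fme_login_type']) && $post['fme_login_type'] === 'gmail';

// Expected client id per device and provider. Google sign-in tokens are matched on `azp`,
// Apple identity tokens on `aud` (same pairing as the original branches).
if ($device === 'ios') {
    $expectedClientId = $isGmail ? $this->_helper->getIosClientIdGmail() : $this->_helper->getIosClientId();
} elseif ($device === 'android') {
    $expectedClientId = $isGmail ? $this->_helper->getAndoridClientId() : $this->_helper->getAndriodClientIdApple();
} else { // huawei
    $expectedClientId = $isGmail ? $this->_helper->getHuaweiClientId() : $this->_helper->getAndriodClientIdApple();
}
$claim = $isGmail ? 'azp' : 'aud';

$rawJwt = $post['fme_access_token'];
if (!$isGmail) {
    // Apple flow: the POST value is base64(JSON) carrying the identity token under "token".
    $fmeAccessToken = base64_decode($rawJwt);
    if (!empty($fmeAccessToken)) {
        $fmeAccessToken = json_decode($fmeAccessToken, true);
    }
    if (!is_array($fmeAccessToken) || !isset($fmeAccessToken['token']) || !is_string($fmeAccessToken['token'])) {
        $result[0] = [
            'success' => false,
            'message' => 'Invalid Token'
        ];
        return $result;
    }
    $rawJwt = $fmeAccessToken['token'];
}

// A JWT is "header.payload.signature"; guard the index so a malformed value is rejected
// instead of producing an undefined-offset warning and a null payload.
$tokenParts = is_string($rawJwt) ? explode('.', $rawJwt) : [];
if (!isset($tokenParts[1]) || $tokenParts[1] === '') {
    $result[0] = [
        'success' => false,
        'message' => 'Invalid Token'
    ];
    return $result;
}

// JWT segments are base64url (RFC 7515), not plain base64: undo the '-'/'_' substitution and
// restore the padding, otherwise any segment containing those characters decodes to garbage.
$payloadB64 = strtr($tokenParts[1], '-_', '+/');
$payloadB64 .= str_repeat('=', (4 - strlen($payloadB64) % 4) % 4);
$tokenPayload = base64_decode($payloadB64, true);
$jwtPayload = $tokenPayload === false ? null : json_decode($tokenPayload);
if (!is_object($jwtPayload)) {
    $result[0] = [
        'success' => false,
        'message' => 'Invalid Token'
    ];
    return $result;
}

// Strict comparison on purpose: with `!=`, a JSON `true` in the claim compares equal to any
// non-empty client id, and a missing claim is now an explicit rejection rather than a warning.
// (The debug `print_r(...); exit;` that short-circuited the android/gmail path is removed.)
if (!isset($jwtPayload->{$claim}) || !is_string($jwtPayload->{$claim})
    || $jwtPayload->{$claim} !== (string) $expectedClientId) {
    $result[0] = [
        'success' => false,
        'message' => 'Unauthorized Token'
    ];
    return $result;
}

// Reject a token whose `exp` has already passed. A missing `exp` is not rejected here so the
// previous acceptance behaviour is kept; issuer-side verification (see the note above) covers it.
if (isset($jwtPayload->exp) && is_numeric($jwtPayload->exp) && (int) $jwtPayload->exp < time()) {
    $result[0] = [
        'success' => false,
        'message' => 'Unauthorized Token'
    ];
    return $result;
}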
Please help. Thanks in advance!