I want to implement OpenId of G Suite api to connect the user of my own php application and use the G Suite manage of user.
So I have write the example below :
in index.php I have load autoload.php (with google-api-php-client library)
$client = new \Google_Client();
$client->setClientId(CLIENT_ID);
$client->setClientSecret(SECRET);
$client->setAuthConfig(ROOT_PATH.CLIENT_SECRET_JSON_FILE);
$client->setAccessType("offline");
$client->setIncludeGrantedScopes(true);
$client->setHostedDomain('mydomain.com');
$client->addScope(\Google_Service_Oauth2::USERINFO_PROFILE);
$redirect = $_SERVER['HTTP_HOST'];
$redirect = 'myapplication.mydomain.com';
$client->setRedirectUri('https://' . $redirect . '/oauth2callback.php');
$auth_url = $client->createAuthUrl();
header('Location: ' . filter_var($auth_url, FILTER_SANITIZE_URL));
oauth2callback.php
$client = new \Google_Client();
$client->setClientId(CLIENT_ID);
$client->setClientSecret(SECRET);
$client->setAuthConfig(ROOT_PATH.CLIENT_SECRET_JSON_FILE);
$client->setRedirectUri('https://myapplication.mydomain.com/oauth2callback.php');
$client->setAccessType("offline");
$client->setIncludeGrantedScopes(true);
$client->setHostedDomain('mydomain.com');
if (!isset($_GET['code'])) {
$auth_url = $client->createAuthUrl();
header('Location: ' . filter_var($auth_url, FILTER_SANITIZE_URL));
}
else {
$client->fetchAccessTokenWithAuthCode($_GET['code']);
$_SESSION['access_token'] = $client->getAccessToken();
$oauth = new \Google_Service_Oauth2($client);
var_dump($oauth->userinfo->get());
}
exit();
All is ok with this example, but, I can connect on my application with another account of my G Suite domain :-(
I don't understand where I must configure it to authorize only the user of my G Suite domain to access at my application. Can you help me ?
Thanks
I have found the solution :-) It's simple. The scope must be "email". If there is this value, Gsuite return automatically value in hd to check it. After the return, I juste test the value to compare with my Gsuite domain :-)