I’m working on user authentication and running into some issues. I managed to set up OpenID login functionality, but I’m only getting back a basic identity URL like https://www.google.com/accounts/o8/id?id=yyy. This doesn’t include the user’s actual email address, which I need for my application.
I tried using the $auth->getData() method but it just returns an empty array. Google seems to only provide that basic identity string and nothing more.
My goal is simple - I want users to log in with their Google account AND I need access to their email address. Should I be using OAuth instead of OpenID for this? The documentation I’ve found is either too complex or doesn’t explain the basics clearly.
Has anyone dealt with this before? What’s the best approach to get both authentication and email access from Google accounts?
Google killed OpenID 2.0 in 2017 - that’s why you’re hitting these issues. That identity URL won’t give you anything useful beyond basic auth. You need to switch to OAuth 2.0 with Google’s Sign-In API. I went through this same headache when they phased out OpenID support. OAuth lets you grab email addresses and profile data, but you’ve got to request the right scopes. Add email and profile scopes to your auth request. Once you’re authenticated, hit Google’s userinfo endpoint for the actual email and profile info. It’s actually cleaner than OpenID once you get it working.
Switching from OpenID to OAuth 2.0 fixed this for me too. The thing that got me at first - you need the email scope AND you have to call the right endpoint after. Once you get your access token, make a separate request to https://www.googleapis.com/oauth2/v2/userinfo with the token in the header. The token alone won’t give you email data. Also, users can still deny email permission even when you request it, so handle that gracefully. Google’s OAuth 2.0 docs are way better than their old OpenID stuff.
yeah, OpenID’s defunct for Google now. OAuth2 is the way to go. double-check your redirect URIs in the Google console, otherwise things won’t function right. for fetching the email, use this scope: https://www.googleapis.com/auth/userinfo.email.