Generating OAUTH token for firebase cloud messaging PHP

View Original

Solution:

****** 2023 UPDATE ****** FCM http Legacy has been officially deprecated, and will be removed entirely by June 2024. Anybody using the http Legacy version should migrate to V1 instead. The example below uses V1 and not the http Legacy version :)

For anybody still looking for an answer to this (2021), in order to send a push message via your own PHP system to the Firebase messaging system you need an access token from Google Credentials. Here's how to do it - please note I've only done this in PHP Laravel, not raw PHP. But you should be able to locate the vanilla PHP solution to this by modifying the steps to suit (Also same with Code Igniter and other PHP libraries)

  1. In your http://console.firebase.google.com under project->settings->service accounts locate the Firebase service account. Generate a new private key and download the json file. Store it on your server somewhere users can't get to it.

  2. Install Google API Client. For Laravel this is:

      composer require google/apiclient --with-all-dependencies

  3. Open composer.json, and add to the autoload array. For Laravel this is:

     "classmap": [
     "vendor/google/apiclient/src/Google"
 ],

  4. Create a new Service class (or create a new Class if vanilla PHP), and add the following method for retrieving an access token:

    private function getGoogleAccessToken(){

     $credentialsFilePath = 'the-folder-and-filename-of-your-downloaded-service-account-file.json'; //replace this with your actual path and file name
     $client = new \Google_Client();
     $client->setAuthConfig($credentialsFilePath);
     $client->addScope('https://www.googleapis.com/auth/firebase.messaging');
     $client->refreshTokenWithAssertion();
     $token = $client->getAccessToken();
     return $token['access_token'];
}

  5. Now create a method to send all your message info to Firebase via CURL:

    public function sendMessage(){

 $apiurl = 'https://fcm.googleapis.com/v1/projects/your-project-id/messages:send';   //replace "your-project-id" with...your project ID

 $headers = [
         'Authorization: Bearer ' . $this->getGoogleAccessToken(),
         'Content-Type: application/json'
 ];

 $notification_tray = [
         'title'             => "Some title",
         'body'              => "Some content",
     ];

 $in_app_module = [
         "title"          => "Some data title (optional)",
         "body"           => "Some data body (optional)",
     ];
 //The $in_app_module array above can be empty - I use this to send variables in to my app when it is opened, so the user sees a popup module with the message additional to the generic task tray notification.

  $message = [
        'message' => [
             'notification'     => $notification_tray,
             'data'             => $in_app_module,
         ],
  ];

  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, $apiurl);
  curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($message));

  $result = curl_exec($ch);

  if ($result === FALSE) {
      //Failed
      die('Curl failed: ' . curl_error($ch));
  }

  curl_close($ch);

}

Google recommends that you only use this method if you can't add the JSON file as an environmental variable on your server directly. I don't know why Google doesn't have better documentation on this subject for PHP, it seems to prefer node.js , Go, Java and C++.

Answer

Solution:

@james have provided a very useful and clear answer. You can follow his guide or For pure php Simply

  1. In your http://console.firebase.google.com under project->settings->service accounts locate the Firebase service account. Generate a new private key and download the json file. Upload to a location on your server
  2. Install Google API Client: composer require google/apiclient
  3. In your PHP file
require "./vendor/autoload.php";
$client= new Google_Client();
$client->setAuthConfig("path-downloaded-json-file.json");
$client->addScope('https://www.googleapis.com/auth/firebase.messaging');
$client->refreshTokenWithAssertion();
$token = $client->getAccessToken();
echo $token['access_token'];

Answer

Solution:

For anyone looking for an answer without the use of external libraries or packages. This code is based on this documentation from google: https://developers.google.com/identity/protocols/oauth2/service-account#httprest

Step 1: In your http://console.firebase.google.com under project->settings->service accounts locate the Firebase service account. Generate a new private key and download the json file.

// This function is needed, because php doesn't have support for base64UrlEncoded strings
function base64UrlEncode($text)
{
    return str_replace(
        ['+', '/', '='],
        ['-', '_', ''],
        base64_encode($text)
    );
}

// Read service account details
$authConfigString = file_get_contents("path_to_the_json_file_you_just_downloaded.json");

// Parse service account details
$authConfig = json_decode($authConfigString);

// Read private key from service account details
$secret = openssl_get_privatekey($authConfig->private_key);

// Create the token header
$header = json_encode([
    'typ' => 'JWT',
    'alg' => 'RS256'
]);

// Get seconds since 1 January 1970
$time = time();

// Allow 1 minute time deviation
$start = $time - 60;
$end = $time + 3600;

$payload = json_encode([
    "iss" => $authConfig->client_email,
    "scope" => "https://www.googleapis.com/auth/firebase.messaging",
    "aud" => "https://oauth2.googleapis.com/token",
    "exp" => $end,
    "iat" => $start
]);

// Encode Header
$base64UrlHeader = base64UrlEncode($header);

// Encode Payload
$base64UrlPayload = base64UrlEncode($payload);

// Create Signature Hash
$result = openssl_sign($base64UrlHeader . "." . $base64UrlPayload, $signature, $secret, OPENSSL_ALGO_SHA256);

// Encode Signature to Base64Url String
$base64UrlSignature = base64UrlEncode($signature);

// Create JWT
$jwt = $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature;

//-----Request token------
$options = array('http' => array(
    'method'  => 'POST',
    'content' => 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion='.$jwt,
    'header'  =>
        "Content-Type: application/x-www-form-urlencoded"
));
$context  = stream_context_create($options);
$responseText = file_get_contents("https://oauth2.googleapis.com/token", false, $context);

$response = json_decode($responseText);

The response has 3 fields, access_token, expires_in, and token_type. Use the access_token in the calls to firebase to authenticate your call. You should also store this access_token together with the expires_in, and request a new token when it almost expires. The maximum lifetime of a token is 1 hour.

Answer

Solution:

First you need JWT!

You can find here Link for JWT GitHub

Creating access token:

use Firebase\JWT\JWT;
use Firebase\JWT\Key;


require 'vendors/php-jwt-main/src/JWT.php';
require 'vendors/php-jwt-main/src/Key.php';

function returnFireBaseTkn(){
    $jsonInfo = json_decode(file_get_contents("YOUR JSON FILE WITH CREDENTIAL HERE"), true);

    $now_seconds = time();
    
    $privateKey = $jsonInfo['private_key'];
    
    $payload = [
        'iss' => $jsonInfo['client_email'],
        'scope' => 'https://www.googleapis.com/auth/firebase.messaging',
        'aud' => $jsonInfo['token_uri'],
        //Token to be expired after 1 hour
        'exp' => $now_seconds + (60 * 60),
        'iat' => $now_seconds
    ];
    
    $jwt = JWT::encode($payload, $privateKey, 'RS256');
    
    // create curl resource
    $ch = curl_init();
    
    // set post fields
    $post = [
        'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        'assertion' => $jwt
    ];
    
    $ch = curl_init($jsonInfo['token_uri']);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
    
    // execute!
    $response = curl_exec($ch);
    
    // close the connection, release resources used
    curl_close($ch);
    
    // do anything you want with your response
    $jsonObj = json_decode($response, true);

    return $jsonObj['access_token'];
}

Sending notification:

function sendNotif($info){

    $apiurl = 'https://fcm.googleapis.com/v1/projects/your-project-id/messages:send';

    $ch = curl_init();

    curl_setopt($ch, CURLOPT_URL, $apiurl);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($info));

    $headers = array(
    //It's normal to find .............................. on the access token!!
        'Authorization: Bearer ' . 'access_token_ID_here',
        'Content-Type: application/json'
    );

    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

    $result = curl_exec($ch);

    if (curl_errno($ch)) {
        echo 'Error:' . curl_error($ch);
    }
    curl_close($ch);
}

// Notification need to be in this format for single user!
$notification = array(
    "message" => array(
        "token" => "USER_ID",
        "notification" => array(
            "title" => "teste",
            "body" => "123"
        )
    )
);

sendNotif($notification);

If you want to use for a group of users:

$notification = array(
    "message" => array(
        "topic" => "GROUP_ID",
        "notification" => array(
            "title" => "teste",
            "body" => "123"
        )
    )
);

Source
© 2021
E-mail: contact@webdevask.com
Back to top