Up next in 10
PHP 7 cURL Google OAuth2 Login & Logout Script to Store Profile & Revoke Access Token in Sessions
Dec 10, 2025
Buy the full source code of the application here:
https://procodestore.com/index.php/product/php-7-curl-google-oauth2-login-logout-script-to-store-profile-revoke-access-token-in-sessions/
Show More Show Less View Video Transcript
0:00
Uh hello guys today in this tutorial I
0:02
will be showing you a PHP script which
0:05
will be able to login with Google or log
0:10
out as well. It's a O2 to script. So if
0:14
I go to the homepage of my application
0:16
localhost Google login it will redirect
0:19
me to this login screen where I can
0:20
select my Google account here. And uh
0:23
this is the same authorization flow
0:25
guys. If you select this account and uh
0:29
we will generate an authorization code
0:31
and then we will exchange that
0:33
authorization code using a a access
0:36
token and we will be storing that access
0:38
token in the session. So all these
0:40
things will be doing it in the
0:41
background. If I select my account, you
0:43
will now see it will redirect me to the
0:45
profile page and we basically have this
0:48
authorization code and we have exchanged
0:51
it with the access token with the help
0:53
of the XX token. Access token guys, we
0:56
are displaying the email of the person.
0:58
We are displaying the profile picture
1:00
and we also have this log out button
1:02
guys. So if I press this log out button
1:04
guys, what will happen?
1:06
I will revoke the access here. the
1:10
access token in the session will be
1:11
deleted and the revoke access once again
1:14
you will be redirected back to the login
1:16
page once again you need to select your
1:18
account and once again like this and now
1:21
if I close this window guys as you can
1:23
see in the session it is stored the
1:25
access token is saved so once again if
1:27
you open the application it will
1:29
redirect you to the profile page you no
1:31
longer have to select the account so but
1:35
if you basically log out here you clear
1:37
out the session and now if you open the
1:40
application you will once again need to
1:42
grant access. So if you go now go local
1:45
host Google login you will now see once
1:47
again you will be able to login here you
1:50
will see that
1:53
the same goes for every account guys. So
1:56
I can do it for any account.
2:01
So once again we need to select your
2:03
account and once again it will display
2:05
the same information like this.
2:08
So this is basically
2:10
we have developed it inside PHP guys and
2:13
we are using curl. Curl if you don't
2:15
know guys it's a uh way to basically
2:18
send out HTTP request inside uh it's a
2:21
command line tool but we are using it
2:23
inside PHP. So it's a computer software
2:26
project. It's a open source for
2:28
transferring data over the HTTP or URL.
2:31
So we will be using making use of this.
2:33
So all the source code guys I have given
2:35
in the description. You can basically
2:37
purchase the full source code. I will
2:39
write this source code step by step. So
2:41
now first of all guys just create your
2:44
index php file inside your root
2:46
directory. And we are having exam
2:48
control panel running inside. You will
2:50
see Apache server running on localhost
2:52
80 right here. And after this guys you
2:56
just need to make the PHP tag right
2:57
here. So we are not uh we are not using
3:00
any sort of SDK guys. We are writing
3:03
pure PHP code right here. And for this
3:05
first of all we need to start the
3:07
session right here at the top. So we
3:09
will invoke this method in order to
3:11
start the session. And then guys we do
3:13
need these three variables which is the
3:16
client ID, client secret and the
3:18
redirect URI. So all these three
3:20
information guys you will be getting it
3:22
from Google Cloud Console. Let me show
3:25
you how you can basically get this
3:27
information. So just type here Google
3:30
cloud console and uh you should have
3:33
your account inside that
3:36
after you do this uh
3:39
click on go to console and once you are
3:42
redirected to you go to your uh API
3:46
services and go to credentials and here
3:48
guys you need to make your credentials
3:51
click on that oath client ID and uh
3:55
basically here
3:57
select here web application and then you
3:59
need to provide authorization JavaScript
4:02
origins. So here guys you need if you're
4:05
developing it on local host you just
4:06
need to provide here http localhost
4:10
and then you just need to provide your
4:12
redirect URI. So basically this is my
4:15
directory structure. I am there inside
4:17
my Google login folder. So whatever is
4:19
your redirect URI if you if it is your
4:22
own website you can put your own website
4:24
as well but this is my redirect URI here
4:27
you will see Google login so just put
4:29
this right here and after that you will
4:33
get your client ID client secret so you
4:36
just need to put right here that's all
4:38
so after that guys we do also need the
4:41
token revocation so if you want to log
4:44
out the user you don't you do need this
4:47
URL token revocation
4:50
and with the help of this you will be
4:52
able to delete the access token or
4:54
revoke the access
4:56
so that the user will be log out
4:58
completely. So this is the URL guys now
5:02
and now guys what we will say basically
5:05
we will redirect the user if the code is
5:08
not present. So here we will use
5:10
basically the is set method of PHP and
5:13
here we will simply get dollar get and
5:16
if the code variable it if the code
5:18
variable is not present in the URL it is
5:21
simply saying that just put a semicolon
5:23
guys after each line in PHP. So you will
5:26
say that we need to
5:29
uh
5:31
redirect user.
5:33
Let me just show you. Let me execute
5:35
this code right here. So what will
5:37
happen guys? it will say in the URL if
5:39
the access code is not present then it
5:42
will print out this statement. So what
5:44
will happen now if you go to your
5:46
application localhost Google login so it
5:49
will acqu out this line right here
5:52
but if I provide the code variable right
5:55
here let's suppose uh
5:59
if the code is available I think like
6:02
this I think this needs to be a question
6:04
mark here
6:07
code is equal to 45 so now you can see
6:10
nothing will be printed out because we
6:12
have this code right here. So this
6:16
function simply check for this code
6:18
right here. We can also have a else
6:20
block here. Code is present.
6:25
So
6:27
you will now see parse syntax error. Let
6:30
me see. Oh sorry semicolon needs to be
6:32
there.
6:34
You'll see code is present. So I need to
6:36
explain each line of code guys. What
6:38
this line of code is doing. So basically
6:40
it is checking for this uh uh code
6:43
variable. It can be anything. You can
6:45
change this also. Let's suppose a
6:47
parameter param. I think if you are a
6:50
PHP developer you will be knowing this
6:52
function. You can even replace your
6:54
params. You need to change it here.
6:57
So if this parameter is present right
6:59
here then also it will print out the
7:01
same statement. If if it is not present
7:03
then it will say we need to redirect
7:05
users. So simply we are checking this
7:07
parameter guys which is the
7:08
authorization code. So if this code is
7:10
not present we need to redirect the
7:12
user. So now what we can do right here
7:14
we can basically build out this
7:17
authorization URL. So where we can say
7:19
that authorization URL. So here
7:22
basically this will be the login screen
7:25
accounts.google.com/o/2
7:31
version 2 o. This is a URL and uh here
7:35
we will pass the parameters. Guys, this
7:38
will be a simple array
7:41
and this will be response type and here
7:44
we need to have the authorization code.
7:47
So we will say that response type will
7:49
be code and the client ID will be the
7:52
client ID that we will use guys. We have
7:54
stored this inside the variable and the
7:57
redirect URI guys. So redirect URI will
8:00
be the redirect URI that we stored
8:04
and we also need to provide the scope
8:06
guys. So scope is nothing but what sort
8:09
of information that you want to uh take
8:12
from the Google API. So we need this two
8:16
scopes guys for the email address and
8:18
the profile pictures. So we need these
8:20
scopes. So googleapis.com/oth
8:24
user info this is the first scope and uh
8:29
it basically contains a profile user
8:31
info.profiles profiles. We need to fetch
8:32
the profile of the person and then you
8:35
need to provide a space guys. I think in
8:38
order to provide multiple Yeah, you do
8:41
need to provide a space here in order to
8:43
separate different scopes right here.
8:46
https
8:48
googleis.com/
8:53
userinfo.mmail.
8:55
That's all.
8:57
So that's all guys. These are the
8:59
information parameters that we will be
9:01
passing to this authorization URL. So
9:04
just put a semicolon and now we will use
9:06
the header function inside PHP guys. So
9:08
what we will say is that
9:10
we will say that location
9:15
and then we will concatenate this
9:16
authorization URL
9:19
and we will put a basically question
9:22
mark and then we will concatenate this
9:25
HTTP build query. You'll use this method
9:27
guys of PHP. Basically, it uh allows you
9:31
to pass parameters alongside with the
9:34
URL. So you can see that guys. So we are
9:37
redirecting the user to this URL
9:40
alongside passing these parameters.
9:43
So just put uh a semicolon right here
9:47
after this line
9:49
and exit out the program. That's all. So
9:52
now guys, what will happen if you
9:54
refresh the application? If you go to
9:56
it, the code is not present and it is
9:59
saying that uh the requested URL was not
10:03
found on the server.
10:05
Let me check.
10:14
Uh I think guys we have put some wrong
10:16
information right here. Let me check.
10:23
question mark.
10:26
I have given the code in the description
10:28
guys. So you can just copy the code.
10:30
Sometimes in the writing of the code
10:33
mistakes can happen. Let me paste this
10:36
code once again.
10:43
So if you refresh now guys what will
10:45
happen? You will see the code will be
10:47
there. This is basically the code here.
10:50
the code will automatically gets
10:53
generated. You will see that. Let me
10:54
again go to here
10:57
localhost Google login.
11:02
So you will be redirected to a screen
11:04
guys. You will see that you need to
11:05
select your account. So let me select my
11:07
account here. So as I select this
11:09
account guys, you will see in the
11:10
address bar our access code is
11:12
generated. You will see question mark
11:14
code is equal to. So this is basically
11:16
the authorization code guys. So now we
11:19
need to basically exchange this
11:21
authorization code with the access
11:22
token. Access token guys basically lets
11:25
you use the any Google API. Access token
11:28
grants you that access. So now we need
11:31
to basically store this access token. So
11:35
just after this line we will basically
11:36
create a variable which will be access
11:39
token URL.
11:42
And now we will have this uh
11:44
authorization code. So the URL for
11:48
having the access token is this URL guys
11:51
or to googleis.com/token.
11:54
And here we will basically again use the
11:57
same formula array. We will basically
11:59
this time we will pass the code. We can
12:03
get this using dollar get code
12:07
and then we will say the client ID. We
12:10
will pass the client ID as well.
12:14
This time we also need to pass the
12:16
client secret in order to get the access
12:18
token
12:21
and then we need to pass our
12:26
redirect URI
12:30
and the last parameter is grant type
12:33
guys which will be authorization code
12:40
that's all. So this is basically the
12:42
parameters guys we need to pass and once
12:44
again now we need to redirect the user
12:47
and this time we will use curl library
12:50
guys ch and we will initialize the curl
12:53
library this is pre-built inside PHP so
12:56
we don't need to install any sort of or
12:58
download any sort of package so curl in
13:01
it will basically initialize the curl
13:03
request and now we can use these uh curl
13:06
set option these are the methods and
13:10
here we will basically
13:11
pass the variables call opt URL
13:17
and the URL will be simply this URL
13:19
access token URL.
13:22
We are passing this URL right here using
13:24
call using this option
13:28
and we will once again use this method
13:31
set option
13:34
and uh here
13:37
this will be a post request. So we will
13:39
say that call opt post and to true. So
13:44
the basically it's a not a get request
13:46
it's a post request. We are passing
13:49
information. So now once again we will
13:51
use the same method call set option and
13:55
uh here we will basically
14:02
provide the post fields and here we will
14:05
once again use HTTP build query and we
14:09
will basically pass the parameters like
14:11
this.
14:15
And uh now guys after doing this we need
14:19
to say curl opt
14:22
SSL sorry return
14:26
transfer. So this is slightly
14:28
complicated code guys if you don't
14:30
studied curl about you will nothing
14:32
understand about this but you need to
14:34
write this code after you do this the
14:37
response will come guys. This basically
14:39
contains a curl execute method which
14:41
will execute the request and uh then you
14:45
can close the connection curl close like
14:47
this. This is basically the code guys
14:51
for exchanging the access token. Now we
14:54
can store this access token inside a
14:56
variable access token data. We can
15:00
decode the response by using JSON
15:02
decode. And then then we can pass the
15:05
response which has come and pass true
15:08
variable like this. And here we will
15:11
simply say we can echo out the access
15:14
token. So uh the access token is present
15:18
inside this property guys which is uh
15:21
this is basically the response access
15:23
token data and it contains a property
15:25
access token. That's all. Just put a se
15:28
semicolon and this will be our access
15:30
token guys. So if you now refresh your
15:32
application localhost Google login.
15:37
So it is saying undefined variable
15:39
response. Sorry I think response.
15:44
Sorry, this needs to be response
15:50
undefined area key access token.
16:01
Uh let me echo out this uh access token
16:04
data variable.
16:08
So now you can see that guys it's an
16:10
array. Here you will see that it's a
16:11
array to string conversion. So we are
16:14
getting this array right here. So it's a
16:15
response here access token data
16:17
response. So what we can do is that uh
16:20
we can have a if condition here if is
16:23
set
16:25
and here we can compare if uh basically
16:28
this access token data contains this
16:30
access token or not.
16:33
So if this access token is there in that
16:36
case we will store it inside the session
16:38
variable. So we will create a session
16:40
variable of access token
16:43
and inside this we will store this. So
16:46
this is basically contained inside.
16:50
You will see that we are storing it this
16:52
access token
16:57
and then we can echo out I think we can
16:59
echo out
17:01
session variable of
17:09
let me try a different account here uh
17:12
localhost Google login.
17:17
So once again grant the access. After
17:20
you grant the access guys, now you will
17:22
see this is your access token. So this
17:24
access token I think will last for uh 1
17:27
hour 3600 seconds. So with this help of
17:31
access token you can access any Google
17:33
API. You can basically upload to Google
17:35
drive, upload to YouTube or you can
17:38
grant uh access to the profile
17:40
information. So now how we can get the
17:42
profile information of the user after we
17:45
store this inside our session variable.
17:47
So this is very easy guys. Now to
17:49
retrieve the user info we will basically
17:52
again say user info url. We will
17:55
basically construct a URL. This will be
17:58
https
18:00
uh googleis.com/2
18:05
version one/ user info and you will see
18:09
we will basically pass this access token
18:12
as a argument. So we will say question
18:14
mark access token and uh here we will
18:19
boot dot and then we will say provide
18:22
the session variable
18:27
access token. That's all put a
18:30
semicolon. So now we will basically
18:33
again use curl here. we will initialize
18:36
curl in it
18:40
and then we will say call set option.
18:44
This will be a simple basically uh
18:48
request guys. So let me just refresh
18:50
copy this code. You can get this course
18:52
in the description purchase it. So
18:55
basically guys you can see that this is
18:57
slightly complicated code here and we
18:59
are basically sending the request here
19:01
and we are displaying this uh name email
19:04
profile picture and a log out button as
19:07
well. So if you now refresh your
19:09
application
19:13
if you see localhost
19:16
Google login.
19:18
So now you can see this is your name of
19:20
the person welcome. We have this
19:22
authorization code we exchange it for
19:24
the access token and with the help of
19:26
access token we are retrieving the user
19:28
info which is the name of the person the
19:30
email of the person the profile picture
19:32
and we also have this log out button. So
19:34
if you click this log out button guys,
19:36
it will basically make a request to the
19:37
revocation URL. We haven't made this
19:40
request. So now how we can do this? It's
19:43
very simple. Uh we do need to basically
19:46
go upwards here. Uh we can even add a
19:49
else block right here guys.
19:52
We can echo out error retrieving access
19:56
token
19:58
just for
20:00
if the access token is not generated
20:02
then you can add else block here and
20:05
basically now guys if you see we have
20:07
this log out button and if you click
20:09
this log out button question mark log
20:11
out so basically here uh we will bas if
20:14
condition here if the log out button has
20:17
been pressed. So how we can do that?
20:20
It's very simple.
20:23
Basically we will have if condition we
20:25
will again use is set method and we will
20:28
say dollar get if the logout parameter
20:32
is there guys inside the get request. So
20:35
we will perfectly know that it's a
20:37
logout request we need to remove the
20:40
access token from the session. We will
20:42
say we will store the access token
20:49
from the session. Here
20:56
we will retrieve it access token from
20:58
the session like this. So after this
21:01
guys we will simply compare if the
21:04
access token does exist in that case we
21:07
will basically have the revoke
21:10
parameters
21:11
and this time we will simply pass the
21:14
access token the token which will be
21:16
there
21:22
and then we will initialize another this
21:26
uh request guys which is call request
21:28
for requesting to remove that revoke the
21:31
access to the URL that we initialize.
21:34
This is the revoke URL guys. You will
21:36
see https o2 googleis.com/revoke
21:40
and here we are passing the access token
21:42
because we need to revoke the access. We
21:45
need to remove the user from we need to
21:47
log out the user. So we are after doing
21:49
this guys we can destroy our session
21:51
data as well. We can say that session
21:55
destroy
21:57
and then we can redirect the user back
21:59
to the homepage
22:03
which was location http localhost
22:07
Google login
22:12
semicolon. That's all guys. This is all
22:14
that we need to do inside this. So exit.
22:17
So once again if you I think let me do
22:21
it.
22:24
Now now
22:29
this is if you open this now the
22:33
information is stored inside our session
22:34
the access token. So if you open once
22:36
again it will redirect you to the
22:38
profile page. But if you now click log
22:41
out button guys you will be redirected
22:43
to the homepage.
22:45
Uh nothing happens. Let me see what
22:48
happened.
22:53
Let me take a brand new account guys. Uh
22:56
local host Google login.
23:01
You will see that uh
23:04
click log out.
23:06
Nothing happens. Uh
23:10
the link is given in the description
23:12
guys. I think I made a mistake in
23:14
writing this code right here. Let me
23:16
paste this code right here. Simply copy
23:18
paste it. Sometimes error can take
23:20
place. So this is the script guys. You
23:22
will see that
23:24
the code is there. Simply you need to
23:27
replace your client ID, client secret
23:28
and redirect URI. So now if I basically
23:31
execute this code localhost/ Google
23:34
login,
23:38
click log out, you will be redirected to
23:40
the homepage. You will see that guys
23:42
again. You select your account. you will
23:44
see that.
23:48
So now if you go to the homepage you
23:50
will be seeing this screen because you
23:51
are log out we have revoked the access
23:54
of access token you will see that but if
23:56
you grant the access here uh you will be
23:59
if you now go to the homepage it is save
24:01
saved inside our uh session variable. So
24:04
now if you open once again it will
24:06
redirect back to the homepage. So this
24:08
is the calls. We have used curl guys in
24:11
order to uh send HTTP request to the
24:13
Google API in order to retrieve the
24:15
access access token and the
24:17
authorization code. And we have stored
24:19
the access token inside sessions inside
24:21
PHP. This is a full Google login and
24:23
logout script. If you still want this
24:25
script, you can go to the description of
24:27
the video and purchase the full script
24:29
from stripe.com and after that you will
24:31
get a zip file. You will get this whole
24:33
PHP code right here. So, thank you very
24:36
much for watching this video and I will
24:38
be seeing you on the next tutorial.