+class Google extends AbstractProvider
+{
+ use BearerAuthorizationTrait;
+
+ const ACCESS_TOKEN_RESOURCE_OWNER_ID = 'id';
+
+ /**
+ * @var string If set, this will be sent to google as the "access_type" parameter.
+ * @link https://developers.google.com/accounts/docs/OAuth2WebServer#offline
+ */
+ protected $accessType;
+
+ /**
+ * @var string If set, this will be sent to google as the "hd" parameter.
+ * @link https://developers.google.com/accounts/docs/OAuth2Login#hd-param
+ */
+ protected $hostedDomain;
+
+ /**
+ * @var string If set, this will be sent to google as the "scope" parameter.
+ * @link https://developers.google.com/gmail/api/auth/scopes
+ */
+ protected $scope;
+
+ public function getBaseAuthorizationUrl()
+ {
+ return 'https://accounts.google.com/o/oauth2/auth';
+ }
+
+ public function getBaseAccessTokenUrl(array $params)
+ {
+ return 'https://accounts.google.com/o/oauth2/token';
+ }
+
+ public function getResourceOwnerDetailsUrl(AccessToken $token)
+ {
+ return ' ';
+ }
+
+ protected function getAuthorizationParameters(array $options)
+ {
+ if (is_array($this->scope)) {
+ $separator = $this->getScopeSeparator();
+ $this->scope = implode($separator, $this->scope);
+ }
+
+ $params = array_merge(
+ parent::getAuthorizationParameters($options),
+ array_filter([
+ 'hd' => $this->hostedDomain,
+ 'access_type' => $this->accessType,
+ 'scope' => $this->scope,
+ // if the user is logged in with more than one account ask which one to use for the login!
+ 'authuser' => '-1'
+ ])
+ );
+ return $params;
+ }
+
+ protected function getDefaultScopes()
+ {
+ return [
+ 'email',
+ 'openid',
+ 'profile',
+ ];
+ }
+
+ protected function getScopeSeparator()
+ {
+ return ' ';
+ }
+
+ protected function checkResponse(ResponseInterface $response, $data)
+ {
+ if (!empty($data['error'])) {
+ $code = 0;
+ $error = $data['error'];
+
+ if (is_array($error)) {
+ $code = $error['code'];
+ $error = $error['message'];
+ }
+
+ throw new IdentityProviderException($error, $code, $data);
+ }
+ }
+
+ protected function createResourceOwner(array $response, AccessToken $token)
+ {
+ return new GoogleUser($response);
+ }
+}
+
+