AccessToken
Wrapper around Google Access Tokens which provides convenience functions.
Table of Contents
Constants
- FEDERATED_SIGNON_CERT_URL = 'https://www.googleapis.com/oauth2/v3/certs'
- IAP_CERT_URL = 'https://www.gstatic.com/iap/verify/public_key-jwk'
- IAP_ISSUER = 'https://cloud.google.com/iap'
- OAUTH2_ISSUER = 'accounts.google.com'
- OAUTH2_ISSUER_HTTPS = 'https://accounts.google.com'
- OAUTH2_REVOKE_URI = 'https://oauth2.googleapis.com/revoke'
Properties
- $cache : CacheItemPoolInterface
- $httpHandler : callable
Methods
- __construct() : mixed
- revoke() : bool
- Revoke an OAuth2 access token or refresh token. This method will revoke the current access token, if a token isn't provided.
- verify() : array<string|int, mixed>|bool
- Verifies an id token and returns the authenticated apiLoginTicket.
- callJwtStatic() : mixed
- Provide a hook to mock calls to the JWT static methods.
- callSimpleJwtDecode() : mixed
- Provide a hook to mock calls to the JWT static methods.
- checkAndInitializePhpsec() : mixed
- checkSimpleJwt() : mixed
- determineAlg() : string
- Identifies the expected algorithm to verify by looking at the "alg" key of the provided certs.
- getCacheKeyFromCertLocation() : string
- Generates a cache key from the cert location using SHA-1, except that "federated_signon_certs_v3" is used to preserve backward compatibility (BC).
- getCerts() : array<string|int, mixed>
- Gets federated sign-on certificates to use for verifying identity tokens.
- retrieveCertsFromLocation() : array<string|int, mixed>
- Retrieve and cache a certificates file.
- setPhpsecConstants() : mixed
- phpseclib calls "phpinfo" by default, which requires special whitelisting in the AppEngine VM environment. This function sets constants to bypass the need for phpseclib to check phpinfo.
- verifyEs256() : array<string|int, mixed>|bool
- Verifies an ES256-signed JWT.
- verifyRs256() : array<string|int, mixed>|bool
- Verifies an RS256-signed JWT.
Constants
FEDERATED_SIGNON_CERT_URL
public mixed FEDERATED_SIGNON_CERT_URL = 'https://www.googleapis.com/oauth2/v3/certs'
IAP_CERT_URL
public mixed IAP_CERT_URL = 'https://www.gstatic.com/iap/verify/public_key-jwk'
IAP_ISSUER
public mixed IAP_ISSUER = 'https://cloud.google.com/iap'
OAUTH2_ISSUER
public mixed OAUTH2_ISSUER = 'accounts.google.com'
OAUTH2_ISSUER_HTTPS
public mixed OAUTH2_ISSUER_HTTPS = 'https://accounts.google.com'
OAUTH2_REVOKE_URI
public mixed OAUTH2_REVOKE_URI = 'https://oauth2.googleapis.com/revoke'
Properties
$cache
private CacheItemPoolInterface $cache
$httpHandler
private callable $httpHandler
Methods
__construct()
public
__construct([callable $httpHandler = null ][, CacheItemPoolInterface $cache = null ]) : mixed
Parameters
- $httpHandler : callable = null
  [optional] An HTTP Handler to deliver PSR-7 requests.
- $cache : CacheItemPoolInterface = null
  [optional] A PSR-6 compatible cache implementation.
revoke()
Revoke an OAuth2 access token or refresh token. This method will revoke the current access token, if a token isn't provided.
public
revoke(string|array<string|int, mixed> $token[, array<string|int, mixed> $options = [] ]) : bool
Parameters
- $token : string|array<string|int, mixed>
  The token (access token or a refresh token) that should be revoked.
- $options : array<string|int, mixed> = []
  [optional] Configuration options.
Return values
bool — Returns true if the revocation was successful, otherwise false.
verify()
Verifies an id token and returns the authenticated apiLoginTicket.
public
verify(string $token[, array<string|int, mixed> $options = [] ]) : array<string|int, mixed>|bool
Throws an exception if the id token is not valid. The audience parameter can be used to control which id tokens are accepted. By default, the id token must have been issued to this OAuth2 client.
Parameters
- $token : string
  The JSON Web Token to be verified.
- $options : array<string|int, mixed> = []
  $options.throwException (bool): Whether the function should throw an exception if the verification fails. This is useful for determining the reason verification failed.
Return values
array<string|int, mixed>|bool — the token payload, if successful, or false if not.
callJwtStatic()
Provide a hook to mock calls to the JWT static methods.
protected
callJwtStatic(string $method[, array<string|int, mixed> $args = [] ]) : mixed
Parameters
- $method : string
- $args : array<string|int, mixed> = []
callSimpleJwtDecode()
Provide a hook to mock calls to the JWT static methods.
protected
callSimpleJwtDecode([array<string|int, mixed> $args = [] ]) : mixed
Parameters
- $args : array<string|int, mixed> = []
checkAndInitializePhpsec()
private
checkAndInitializePhpsec() : mixed
checkSimpleJwt()
private
checkSimpleJwt() : mixed
determineAlg()
Identifies the expected algorithm to verify by looking at the "alg" key of the provided certs.
private
determineAlg(array<string|int, mixed> $certs) : string
Parameters
- $certs : array<string|int, mixed>
  Certificate array according to the JWK spec (see https://tools.ietf.org/html/rfc7517).
Return values
string — The expected algorithm, such as "ES256" or "RS256".
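An added illustration of the check determineAlg() describes, not code from the google/auth library: the expected algorithm is read from the trusted JWK set rather than from the token's own header, and a token whose header names a different algorithm can be rejected before any signature check. The helper names, the rejection of mixed or unsupported key sets, the header comparison, and the sample key sets and token are assumptions constructed for this example.

```php
<?php
// Added example, not google/auth code. Both helpers are hypothetical names.

/** Return the single supported "alg" shared by every key in a JWK set. */
function expectedAlgFromJwks(array $certs): string
{
    if (empty($certs['keys']) || !is_array($certs['keys'])) {
        throw new InvalidArgumentException('JWK set has no "keys" member');
    }
    $alg = null;
    foreach ($certs['keys'] as $key) {
        if (!is_array($key) || !is_string($key['alg'] ?? null)) {
            throw new InvalidArgumentException('key without "alg" in JWK set');
        }
        if ($alg !== null && $key['alg'] !== $alg) {
            throw new InvalidArgumentException('JWK set mixes algorithms');
        }
        $alg = $key['alg'];
    }
    if (!in_array($alg, ['ES256', 'RS256'], true)) {
        throw new InvalidArgumentException("unsupported algorithm: $alg");
    }
    return $alg;
}

/** Compare the untrusted JWT header "alg" with the algorithm the keys dictate. */
function headerAlgMatches(string $jwt, string $expectedAlg): bool
{
    $segments = explode('.', $jwt);
    if (count($segments) !== 3) {
        return false;
    }
    $json = base64_decode(strtr($segments[0], '-_', '+/'), true);
    $header = $json === false ? null : json_decode($json, true);
    return is_array($header) && ($header['alg'] ?? null) === $expectedAlg;
}

// Constructed inputs: key metadata only (no key material), unsigned token.
$iapKeys   = ['keys' => [['kid' => 'k1', 'kty' => 'EC', 'alg' => 'ES256']]];
$mixedKeys = ['keys' => [['kid' => 'k1', 'alg' => 'ES256'], ['kid' => 'k2', 'alg' => 'RS256']]];
$b64url = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$token  = $b64url('{"alg":"HS256","typ":"JWT"}') . '.' . $b64url('{"sub":"x"}') . '.';

echo expectedAlgFromJwks($iapKeys), PHP_EOL;
var_dump(headerAlgMatches($token, expectedAlgFromJwks($iapKeys)));
try {
    expectedAlgFromJwks($mixedKeys);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```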
getCacheKeyFromCertLocation()
Generates a cache key from the cert location using SHA-1, except that "federated_signon_certs_v3" is used to preserve backward compatibility (BC).
private
getCacheKeyFromCertLocation(string $certsLocation) : string
Parameters
- $certsLocation : string
Return values
string
getCerts()
Gets federated sign-on certificates to use for verifying identity tokens.
private
getCerts(string $location, string $cacheKey[, array<string|int, mixed> $options = [] ]) : array<string|int, mixed>
Returns certs as array structure, where keys are key ids, and values are PEM encoded certificates.
Parameters
- $location : string
  The location from which to retrieve certs.
- $cacheKey : string
  The key under which to cache the retrieved certs.
- $options : array<string|int, mixed> = []
  [optional] Configuration options.
Return values
array<string|int, mixed>
retrieveCertsFromLocation()
Retrieve and cache a certificates file.
private
retrieveCertsFromLocation(mixed $url[, array<string|int, mixed> $options = [] ]) : array<string|int, mixed>
Parameters
- $url : mixed
  string location
- $options : array<string|int, mixed> = []
  [optional] Configuration options.
Return values
array<string|int, mixed> — certificates
setPhpsecConstants()
phpseclib calls "phpinfo" by default, which requires special whitelisting in the AppEngine VM environment. This function sets constants to bypass the need for phpseclib to check phpinfo.
private
setPhpsecConstants() : mixed
verifyEs256()
Verifies an ES256-signed JWT.
private
verifyEs256(string $token, array<string|int, mixed> $certs[, string|null $audience = null ][, string|null $issuer = null ]) : array<string|int, mixed>|bool
Parameters
- $token : string
  The JSON Web Token to be verified.
- $certs : array<string|int, mixed>
  Certificate array according to the JWK spec (see https://tools.ietf.org/html/rfc7517).
- $audience : string|null = null
  If set, returns false if the provided audience does not match the "aud" claim on the JWT.
- $issuer : string|null = null
  If set, returns false if the provided issuer does not match the "iss" claim on the JWT.
Return values
array<string|int, mixed>|bool — the token payload, if successful, or false if not.
verifyRs256()
Verifies an RS256-signed JWT.
private
verifyRs256(string $token, array<string|int, mixed> $certs[, string|null $audience = null ][, string|null $issuer = null ]) : array<string|int, mixed>|bool
Parameters
- $token : string
  The JSON Web Token to be verified.
- $certs : array<string|int, mixed>
  Certificate array according to the JWK spec (see https://tools.ietf.org/html/rfc7517).
- $audience : string|null = null
  If set, returns false if the provided audience does not match the "aud" claim on the JWT.
- $issuer : string|null = null
  If set, returns false if the provided issuer does not match the "iss" claim on the JWT.
Return values
array<string|int, mixed>|bool — the token payload, if successful, or false if not.