Documentation

AppIdentityCredentials extends CredentialsLoader
in package
implements SignBlobInterface, ProjectIdProviderInterface

AppIdentityCredentials supports authorization on Google App Engine.

It can be used to authorize requests using the AuthTokenMiddleware or AuthTokenSubscriber, but will only succeed if being run on App Engine:

Example:

use Google\Auth\Credentials\AppIdentityCredentials;
use Google\Auth\Middleware\AuthTokenMiddleware;
use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;

$gae = new AppIdentityCredentials('https://www.googleapis.com/auth/books');
$middleware = new AuthTokenMiddleware($gae);
$stack = HandlerStack::create();
$stack->push($middleware);

$client = new Client([
    'handler' => $stack,
    'base_uri' => 'https://www.googleapis.com/books/v1',
    'auth' => 'google_auth'
]);

$res = $client->get('volumes?q=Henry+David+Thoreau&country=US');

Table of Contents

Interfaces

SignBlobInterface
Describes a class which supports signing arbitrary strings.
ProjectIdProviderInterface
Describes a Credentials object which supports fetching the project ID.

Constants

ENV_VAR  = 'GOOGLE_APPLICATION_CREDENTIALS'
NON_WINDOWS_WELL_KNOWN_PATH_BASE  = '.config'
TOKEN_CREDENTIAL_URI  = 'https://oauth2.googleapis.com/token'
WELL_KNOWN_PATH  = 'gcloud/application_default_credentials.json'

Properties

$lastReceivedToken  : array<string|int, mixed>
Result of fetchAuthToken.
$clientName  : string
$scope  : array<string|int, mixed>
Array of OAuth2 scopes to be requested.

Methods

__construct()  : mixed
fetchAuthToken()  : array<string|int, mixed>
Implements FetchAuthTokenInterface#fetchAuthToken.
fromEnv()  : array<string|int, mixed>|null
Load a JSON key from the path specified in the environment.
fromWellKnownFile()  : array<string|int, mixed>|null
Load a JSON key from a well known path.
getCacheKey()  : string
Caching is handled by the underlying AppIdentityService, return empty string to prevent caching.
getClientName()  : string
Get the client name from AppIdentityService.
getLastReceivedToken()  : array<string|int, mixed>|null
Returns an associative array with the token and expiration time.
getProjectId()  : string|null
Get the project ID from AppIdentityService.
getUpdateMetadataFunc()  : array<string|int, mixed>
export a callback function which updates runtime metadata.
makeCredentials()  : ServiceAccountCredentials|UserRefreshCredentials
Create a new Credentials instance.
makeHttpClient()  : Client
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
makeInsecureCredentials()  : InsecureCredentials
Create a new instance of InsecureCredentials.
onAppEngine()  : bool
Determines if this an App Engine instance, by accessing the SERVER_SOFTWARE environment variable (prod) or the APPENGINE_RUNTIME environment variable (dev).
signBlob()  : string
Sign a string using AppIdentityService.
updateMetadata()  : array<string|int, mixed>
Updates metadata with the authorization token.
checkAppEngineContext()  : mixed
getGuzzleMajorVersion()  : int
Returns the currently available major Guzzle version.
isOnWindows()  : bool
unableToReadEnv()  : string

Constants

NON_WINDOWS_WELL_KNOWN_PATH_BASE

public mixed NON_WINDOWS_WELL_KNOWN_PATH_BASE = '.config'

TOKEN_CREDENTIAL_URI

public mixed TOKEN_CREDENTIAL_URI = 'https://oauth2.googleapis.com/token'

WELL_KNOWN_PATH

public mixed WELL_KNOWN_PATH = 'gcloud/application_default_credentials.json'

Properties

$lastReceivedToken

Result of fetchAuthToken.

protected array<string|int, mixed> $lastReceivedToken

Methods

__construct()

public __construct([array<string|int, mixed> $scope = array() ]) : mixed
Parameters
$scope : array<string|int, mixed> = array()

One or more scopes.

fetchAuthToken()

Implements FetchAuthTokenInterface#fetchAuthToken.

public fetchAuthToken([callable $httpHandler = null ]) : array<string|int, mixed>

Fetches the auth tokens using the AppIdentityService if available. As the AppIdentityService uses protobufs to fetch the access token, the GuzzleHttp\ClientInterface instance passed in will not be used.

Parameters
$httpHandler : callable = null

callback which delivers psr7 request

Return values
array<string|int, mixed>

A set of auth related metadata, containing the following keys: - access_token (string) - expiration_time (string)

fromEnv()

Load a JSON key from the path specified in the environment.

public static fromEnv() : array<string|int, mixed>|null

Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.

Return values
array<string|int, mixed>|null

JSON key | null

fromWellKnownFile()

Load a JSON key from a well known path.

public static fromWellKnownFile() : array<string|int, mixed>|null

The well known path is OS dependent:

  • windows: %APPDATA%/gcloud/application_default_credentials.json
  • others: $HOME/.config/gcloud/application_default_credentials.json

If the file does not exist, this returns null.

Return values
array<string|int, mixed>|null

JSON key | null

getCacheKey()

Caching is handled by the underlying AppIdentityService, return empty string to prevent caching.

public getCacheKey() : string
Return values
string

getClientName()

Get the client name from AppIdentityService.

public getClientName([callable $httpHandler = null ]) : string

Subsequent calls to this method will return a cached value.

Parameters
$httpHandler : callable = null

Not used in this implementation.

Tags
throws
Exception

If AppEngine SDK or mock is not available.

Return values
string

getLastReceivedToken()

Returns an associative array with the token and expiration time.

public getLastReceivedToken() : array<string|int, mixed>|null
Return values
array<string|int, mixed>|null

getProjectId()

Get the project ID from AppIdentityService.

public getProjectId([callable $httpHander = null ]) : string|null

Returns null if AppIdentityService is unavailable.

Parameters
$httpHander : callable = null
Return values
string|null

getUpdateMetadataFunc()

export a callback function which updates runtime metadata.

public getUpdateMetadataFunc() : array<string|int, mixed>
Return values
array<string|int, mixed>

updateMetadata function

makeCredentials()

Create a new Credentials instance.

public static makeCredentials(string|array<string|int, mixed> $scope, array<string|int, mixed> $jsonKey[, string|array<string|int, mixed> $defaultScope = null ]) : ServiceAccountCredentials|UserRefreshCredentials
Parameters
$scope : string|array<string|int, mixed>

the scope of the access request, expressed either as an Array or as a space-delimited String.

$jsonKey : array<string|int, mixed>

the JSON credentials.

$defaultScope : string|array<string|int, mixed> = null

The default scope to use if no user-defined scopes exist, expressed either as an Array or as a space-delimited string.

Return values
ServiceAccountCredentials|UserRefreshCredentials

makeHttpClient()

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

public static makeHttpClient(FetchAuthTokenInterface $fetcher[, array<string|int, mixed> $httpClientOptions = [] ][, callable $httpHandler = null ][, callable $tokenCallback = null ]) : Client
Parameters
$fetcher : FetchAuthTokenInterface

is used to fetch the auth token

$httpClientOptions : array<string|int, mixed> = []

(optional) Array of request options to apply.

$httpHandler : callable = null

(optional) http client to fetch the token.

$tokenCallback : callable = null

(optional) function to be called when a new token is fetched.

Return values
Client

onAppEngine()

Determines if this an App Engine instance, by accessing the SERVER_SOFTWARE environment variable (prod) or the APPENGINE_RUNTIME environment variable (dev).

public static onAppEngine() : bool
Return values
bool

true if this an App Engine Instance, false otherwise

signBlob()

Sign a string using AppIdentityService.

public signBlob(string $stringToSign[, bool $forceOpenSsl = false ]) : string
Parameters
$stringToSign : string

The string to sign.

$forceOpenSsl : bool = false

[optional] Does not apply to this credentials type.

Tags
throws
Exception

If AppEngine SDK or mock is not available.

Return values
string

The signature, base64-encoded.

updateMetadata()

Updates metadata with the authorization token.

public updateMetadata(array<string|int, mixed> $metadata[, string $authUri = null ][, callable $httpHandler = null ]) : array<string|int, mixed>
Parameters
$metadata : array<string|int, mixed>

metadata hashmap

$authUri : string = null

optional auth uri

$httpHandler : callable = null

callback which delivers psr7 request

Return values
array<string|int, mixed>

updated metadata hashmap

getGuzzleMajorVersion()

Returns the currently available major Guzzle version.

private static getGuzzleMajorVersion() : int
Return values
int

unableToReadEnv()

private static unableToReadEnv(string $cause) : string
Parameters
$cause : string
Return values
string 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results