ServiceAccountJwtAccessCredentials
extends CredentialsLoader
in package
implements
GetQuotaProjectInterface, SignBlobInterface, ProjectIdProviderInterface
uses
ServiceAccountSignerTrait
Authenticates requests using Google's Service Account credentials via JWT Access.
This class authorizes requests for a service account directly from the credentials in a JSON key file downloaded from the developer console (via 'Generate new Json Key'). It is not part of any OAuth2 flow; rather, it creates a JWT and sends that as a credential.
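Added example, not code from this library: a sketch of the kind of self-signed JWT described above, built with PHP's OpenSSL extension and following Google's documented service-account JWT claims (iss and sub set to client_email, aud set to the API endpoint). The key pair, client_email, private_key_id, the sample audience URLs and the helper names b64url, selfSignedJwt and checkJwt are constructed for illustration.

```php
<?php
// Added illustration; not taken from the library's source.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Hypothetical helper: sign a JWT for one audience with the key file's private key.
function selfSignedJwt(array $jsonKey, string $aud, int $now, int $ttl = 3600): string
{
    $header = ['alg' => 'RS256', 'typ' => 'JWT', 'kid' => $jsonKey['private_key_id']];
    $claims = ['iss' => $jsonKey['client_email'], 'sub' => $jsonKey['client_email'],
               'aud' => $aud, 'iat' => $now, 'exp' => $now + $ttl];
    $input = b64url(json_encode($header)) . '.'
           . b64url(json_encode($claims, JSON_UNESCAPED_SLASHES));
    if (!openssl_sign($input, $sig, $jsonKey['private_key'], OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return $input . '.' . b64url($sig);
}

// Hypothetical receiver-side check: signature, audience and expiry must all hold.
function checkJwt(string $jwt, string $publicPem, string $expectedAud, int $now): bool
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return false;
    }
    [$h, $c, $s] = $parts;
    $sig = base64_decode(strtr($s, '-_', '+/'));
    if (openssl_verify("$h.$c", $sig, $publicPem, OPENSSL_ALGO_SHA256) !== 1) {
        return false;
    }
    $claims = json_decode(base64_decode(strtr($c, '-_', '+/')), true);
    return is_array($claims) && ($claims['aud'] ?? null) === $expectedAud
        && ($claims['exp'] ?? 0) > $now;
}

// Constructed sample key: a throwaway RSA pair standing in for the downloaded JSON key.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $pem);
$jsonKey = ['client_email' => 'demo@example-project.iam.gserviceaccount.com',
            'private_key_id' => 'constructed-key-id', 'private_key' => $pem];
$pub = openssl_pkey_get_details($pair)['key'];

$now = time();
$jwt = selfSignedJwt($jsonKey, 'https://pubsub.googleapis.com/', $now);
var_dump(checkJwt($jwt, $pub, 'https://pubsub.googleapis.com/', $now));        // matching audience
var_dump(checkJwt($jwt, $pub, 'https://storage.googleapis.com/', $now));       // different audience
var_dump(checkJwt($jwt, $pub, 'https://pubsub.googleapis.com/', $now + 7200)); // checked after exp
```

The signed JWT is a bearer credential for the named audience until its exp time, so anything that logs request headers or metadata captures a usable token for that window.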
Table of Contents
Interfaces
- GetQuotaProjectInterface
- An interface implemented by objects that can get quota projects.
- SignBlobInterface
- Describes a class which supports signing arbitrary strings.
- ProjectIdProviderInterface
- Describes a Credentials object which supports fetching the project ID.
Constants
- ENV_VAR = 'GOOGLE_APPLICATION_CREDENTIALS'
- NON_WINDOWS_WELL_KNOWN_PATH_BASE = '.config'
- TOKEN_CREDENTIAL_URI = 'https://oauth2.googleapis.com/token'
- WELL_KNOWN_PATH = 'gcloud/application_default_credentials.json'
Properties
- $auth : OAuth2
- The OAuth2 instance used to conduct authorization.
- $quotaProject : mixed
- The quota project associated with the JSON credentials
Methods
- __construct() : mixed
- Create a new ServiceAccountJwtAccessCredentials.
- fetchAuthToken() : array<string|int, mixed>|void
- Implements FetchAuthTokenInterface#fetchAuthToken.
- fromEnv() : array<string|int, mixed>|null
- Load a JSON key from the path specified in the environment.
- fromWellKnownFile() : array<string|int, mixed>|null
- Load a JSON key from a well known path.
- getCacheKey() : string
- Obtains a key that can be used to cache the results of #fetchAuthToken.
- getClientName() : string
- Get the client name from the keyfile.
- getLastReceivedToken() : array<string|int, mixed>
- Returns an associative array with the token and expiration time.
- getProjectId() : string|null
- Get the project ID from the service account keyfile.
- getQuotaProject() : string|null
- Get the quota project used for this API request
- getUpdateMetadataFunc() : array<string|int, mixed>
- Export a callback function which updates runtime metadata.
- makeCredentials() : ServiceAccountCredentials|UserRefreshCredentials
- Create a new Credentials instance.
- makeHttpClient() : Client
- Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
- makeInsecureCredentials() : InsecureCredentials
- Create a new instance of InsecureCredentials.
- signBlob() : string
- Sign a string using the service account private key.
- updateMetadata() : array<string|int, mixed>
- Updates metadata with the authorization token.
- getGuzzleMajorVersion() : int
- Returns the currently available major Guzzle version.
- isOnWindows() : bool
- unableToReadEnv() : string
Constants
ENV_VAR
public
mixed
ENV_VAR
= 'GOOGLE_APPLICATION_CREDENTIALS'
NON_WINDOWS_WELL_KNOWN_PATH_BASE
public
mixed
NON_WINDOWS_WELL_KNOWN_PATH_BASE
= '.config'
TOKEN_CREDENTIAL_URI
public
mixed
TOKEN_CREDENTIAL_URI
= 'https://oauth2.googleapis.com/token'
WELL_KNOWN_PATH
public
mixed
WELL_KNOWN_PATH
= 'gcloud/application_default_credentials.json'
Properties
$auth
The OAuth2 instance used to conduct authorization.
protected
OAuth2
$auth
$quotaProject
The quota project associated with the JSON credentials
protected
mixed
$quotaProject
Methods
__construct()
Create a new ServiceAccountJwtAccessCredentials.
public
__construct(string|array<string|int, mixed> $jsonKey[, string|array<string|int, mixed> $scope = null ]) : mixed
Parameters
- $jsonKey : string|array<string|int, mixed>
- JSON credential file path or JSON credentials as an associative array
- $scope : string|array<string|int, mixed> = null
- the scope of the access request, expressed either as an Array or as a space-delimited String.
fetchAuthToken()
Implements FetchAuthTokenInterface#fetchAuthToken.
public
fetchAuthToken([callable $httpHandler = null ]) : array<string|int, mixed>|void
Parameters
- $httpHandler : callable = null
Return values
array<string|int, mixed>|void —A set of auth related metadata, containing the following keys:
- access_token (string)
fromEnv()
Load a JSON key from the path specified in the environment.
public
static fromEnv() : array<string|int, mixed>|null
Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.
Return values
array<string|int, mixed>|null —JSON key | null
fromWellKnownFile()
Load a JSON key from a well known path.
public
static fromWellKnownFile() : array<string|int, mixed>|null
The well known path is OS dependent:
- Windows: %APPDATA%/gcloud/application_default_credentials.json
- others: $HOME/.config/gcloud/application_default_credentials.json
If the file does not exist, this returns null.
Return values
array<string|int, mixed>|null —JSON key | null
getCacheKey()
Obtains a key that can be used to cache the results of #fetchAuthToken.
public
getCacheKey() : string
Return values
string
getClientName()
Get the client name from the keyfile.
public
getClientName([callable $httpHandler = null ]) : string
In this case, it returns the keyfile's client_email key.
Parameters
- $httpHandler : callable = null
- Not used by this credentials type.
Return values
string
getLastReceivedToken()
Returns an associative array with the token and expiration time.
public
getLastReceivedToken() : array<string|int, mixed>
Return values
array<string|int, mixed>
getProjectId()
Get the project ID from the service account keyfile.
public
getProjectId([callable $httpHandler = null ]) : string|null
Returns null if the project ID does not exist in the keyfile.
Parameters
- $httpHandler : callable = null
- Not used by this credentials type.
Return values
string|null
getQuotaProject()
Get the quota project used for this API request
public
getQuotaProject() : string|null
Return values
string|null
getUpdateMetadataFunc()
Export a callback function which updates runtime metadata.
public
getUpdateMetadataFunc() : array<string|int, mixed>
Return values
array<string|int, mixed> —updateMetadata function
makeCredentials()
Create a new Credentials instance.
public
static makeCredentials(string|array<string|int, mixed> $scope, array<string|int, mixed> $jsonKey[, string|array<string|int, mixed> $defaultScope = null ]) : ServiceAccountCredentials|UserRefreshCredentials
Parameters
- $scope : string|array<string|int, mixed>
- the scope of the access request, expressed either as an Array or as a space-delimited String.
- $jsonKey : array<string|int, mixed>
- the JSON credentials.
- $defaultScope : string|array<string|int, mixed> = null
- The default scope to use if no user-defined scopes exist, expressed either as an Array or as a space-delimited string.
Return values
ServiceAccountCredentials|UserRefreshCredentials
makeHttpClient()
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
public
static makeHttpClient(FetchAuthTokenInterface $fetcher[, array<string|int, mixed> $httpClientOptions = [] ][, callable $httpHandler = null ][, callable $tokenCallback = null ]) : Client
Parameters
- $fetcher : FetchAuthTokenInterface
- is used to fetch the auth token
- $httpClientOptions : array<string|int, mixed> = []
- (optional) Array of request options to apply.
- $httpHandler : callable = null
- (optional) http client to fetch the token.
- $tokenCallback : callable = null
- (optional) function to be called when a new token is fetched.
Return values
Client
makeInsecureCredentials()
Create a new instance of InsecureCredentials.
public
static makeInsecureCredentials() : InsecureCredentials
Return values
InsecureCredentials
signBlob()
Sign a string using the service account private key.
public
signBlob(string $stringToSign[, bool $forceOpenssl = false ]) : string
Parameters
- $stringToSign : string
- $forceOpenssl : bool = false
- Whether to use OpenSSL regardless of whether phpseclib is installed. Defaults to false.
Return values
string
updateMetadata()
Updates metadata with the authorization token.
public
updateMetadata(array<string|int, mixed> $metadata[, string $authUri = null ][, callable $httpHandler = null ]) : array<string|int, mixed>
Parameters
- $metadata : array<string|int, mixed>
- metadata hashmap
- $authUri : string = null
- optional auth uri
- $httpHandler : callable = null
- callback which delivers psr7 request
Return values
array<string|int, mixed> —updated metadata hashmap
getGuzzleMajorVersion()
Returns the currently available major Guzzle version.
private
static getGuzzleMajorVersion() : int
Return values
int
isOnWindows()
private
static isOnWindows() : bool
Return values
bool
unableToReadEnv()
private
static unableToReadEnv(string $cause) : string
Parameters
- $cause : string