Iam
in package
Tools for using the IAM API.
Tags
Table of Contents
Constants
- IAM_API_ROOT = 'https://iamcredentials.googleapis.com/v1'
- SERVICE_ACCOUNT_NAME = 'projects/-/serviceAccounts/%s'
- SIGN_BLOB_PATH = '%s:signBlob?alt=json'
Properties
- $httpHandler : callable
Methods
- __construct() : mixed
- signBlob() : string
- Sign a string using the IAM signBlob API.
Constants
IAM_API_ROOT
public
mixed
IAM_API_ROOT
= 'https://iamcredentials.googleapis.com/v1'
SERVICE_ACCOUNT_NAME
public
mixed
SERVICE_ACCOUNT_NAME
= 'projects/-/serviceAccounts/%s'
SIGN_BLOB_PATH
public
mixed
SIGN_BLOB_PATH
= '%s:signBlob?alt=json'
Properties
$httpHandler
private
callable
$httpHandler
Methods
__construct()
public
__construct([callable $httpHandler = null ]) : mixed
Parameters
- $httpHandler : callable = null
-
[optional] The HTTP Handler to send requests.
signBlob()
Sign a string using the IAM signBlob API.
public
signBlob(string $email, string $accessToken, string $stringToSign[, array<string|int, mixed> $delegates = [] ]) : string
Note that signing using IAM requires your service account to have the
iam.serviceAccounts.signBlob permission, part of the "Service Account
Token Creator" IAM role.
Parameters
- $email : string
-
The service account email.
- $accessToken : string
-
An access token from the service account.
- $stringToSign : string
-
The string to be signed.
- $delegates : array<string|int, mixed> = []
-
[optional] A list of service account emails to add to the delegate chain. If omitted, the value of
$emailwill be used.
Return values
string —The signed string, base64-encoded.