1. class
  2. Google
  3. \
  4. Auth
  5. \
  6. CredentialsLoader

CredentialsLoader

abstract class CredentialsLoader implements GetUniverseDomainInterface, FetchAuthTokenInterface, UpdateMetadataInterface (View source)

CredentialsLoader contains the behaviour used to locate and find default credentials files on the file system.

Traits

UpdateMetadataTrait
Provides shared methods for updating request metadata (request headers).

Constants

TOKEN_CREDENTIAL_URI

ENV_VAR

QUOTA_PROJECT_ENV_VAR

WELL_KNOWN_PATH

NON_WINDOWS_WELL_KNOWN_PATH_BASE

MTLS_WELL_KNOWN_PATH

MTLS_CERT_ENV_VAR

Methods

callable
getUpdateMetadataFunc() deprecated

export a callback function which updates runtime metadata.

from UpdateMetadataTrait
array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

from UpdateMetadataTrait
static array|null
fromEnv()

Load a JSON key from the path specified in the environment.

static array|null
fromWellKnownFile()

Load a JSON key from a well known path.

static ServiceAccountCredentials|UserRefreshCredentials|ImpersonatedServiceAccountCredentials|ExternalAccountCredentials
makeCredentials(string|string[] $scope, array $jsonKey, string|string[] $defaultScope = null)

Create a new Credentials instance.

static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

static InsecureCredentials
makeInsecureCredentials()

Create a new instance of InsecureCredentials.

static string|null
quotaProjectFromEnv()

Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.

static callable|null
getDefaultClientCertSource()

Gets a callable which returns the default device certification.

static bool
shouldLoadClientCertSource()

Determines whether or not the default device certificate should be loaded.

string
getUniverseDomain()

Get the universe domain from the credential. Defaults to "googleapis.com" for all credential types which do not support universe domain.

Details

in UpdateMetadataTrait at line 35
callable getUpdateMetadataFunc() deprecated

deprecated

export a callback function which updates runtime metadata.

Return Value

callable updateMetadata function

in UpdateMetadataTrait at line 48
array updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

Parameters

array $metadata metadata hashmap
string $authUri optional auth uri
callable $httpHandler callback which delivers psr7 request

Return Value

array updated metadata hashmap

at line 77
static array|null fromEnv()

Load a JSON key from the path specified in the environment.

Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.

Return Value

array|null JSON key | null

at line 103
static array|null fromWellKnownFile()

Load a JSON key from a well known path.

The well known path is OS dependent:

  • windows: %APPDATA%/gcloud/application_default_credentials.json
  • others: $HOME/.config/gcloud/application_default_credentials.json

If the file does not exist, this returns null.

Return Value

array|null JSON key | null

at line 131
static ServiceAccountCredentials|UserRefreshCredentials|ImpersonatedServiceAccountCredentials|ExternalAccountCredentials makeCredentials(string|string[] $scope, array $jsonKey, string|string[] $defaultScope = null)

Create a new Credentials instance.

Parameters

string|string[] $scope the scope of the access request, expressed either as an Array or as a space-delimited String.
array $jsonKey the JSON credentials.
string|string[] $defaultScope The default scope to use if no user-defined scopes exist, expressed either as an Array or as a space-delimited string.

Return Value

ServiceAccountCredentials|UserRefreshCredentials|ImpersonatedServiceAccountCredentials|ExternalAccountCredentials

at line 172
static Client makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

Parameters

FetchAuthTokenInterface $fetcher is used to fetch the auth token
array $httpClientOptions (optional) Array of request options to apply.
callable $httpHandler (optional) http client to fetch the token.
callable $tokenCallback (optional) function to be called when a new token is fetched.

Return Value

Client

at line 197
static InsecureCredentials makeInsecureCredentials()

Create a new instance of InsecureCredentials.

Return Value

InsecureCredentials

at line 209
static string|null quotaProjectFromEnv()

Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.

Return Value

string|null

at line 220
static callable|null getDefaultClientCertSource()

Gets a callable which returns the default device certification.

Return Value

callable|null

Exceptions

UnexpectedValueException

at line 245
static bool shouldLoadClientCertSource()

Determines whether or not the default device certificate should be loaded.

Return Value

bool

at line 284
string getUniverseDomain()

Get the universe domain from the credential. Defaults to "googleapis.com" for all credential types which do not support universe domain.

Return Value

string