1. class
  2. Google
  3. \
  4. Auth
  5. \
  6. Credentials
  7. \
  8. AppIdentityCredentials

AppIdentityCredentials

class AppIdentityCredentials extends CredentialsLoader implements SignBlobInterface, ProjectIdProviderInterface (View source)

AppIdentityCredentials supports authorization on Google App Engine.

It can be used to authorize requests using the AuthTokenMiddleware or AuthTokenSubscriber, but will only succeed if being run on App Engine:

Example:

use Google\Auth\Credentials\AppIdentityCredentials;
use Google\Auth\Middleware\AuthTokenMiddleware;
use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;

$gae = new AppIdentityCredentials('https://www.googleapis.com/auth/books');
$middleware = new AuthTokenMiddleware($gae);
$stack = HandlerStack::create();
$stack->push($middleware);

$client = new Client([
    'handler' => $stack,
    'base_uri' => 'https://www.googleapis.com/books/v1',
    'auth' => 'google_auth'
]);

$res = $client->get('volumes?q=Henry+David+Thoreau&country=US');

Constants

TOKEN_CREDENTIAL_URI

ENV_VAR

WELL_KNOWN_PATH

NON_WINDOWS_WELL_KNOWN_PATH_BASE

Properties

protected array $lastReceivedToken Result of fetchAuthToken.

Methods

static array|null
fromEnv()

Load a JSON key from the path specified in the environment.

from CredentialsLoader
static array|null
fromWellKnownFile()

Load a JSON key from a well known path.

from CredentialsLoader
static ServiceAccountCredentials|UserRefreshCredentials
makeCredentials(string|array $scope, array $jsonKey, string|array $defaultScope = null)

Create a new Credentials instance.

from CredentialsLoader
static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

from CredentialsLoader
static InsecureCredentials
makeInsecureCredentials()

Create a new instance of InsecureCredentials.

from CredentialsLoader
array
getUpdateMetadataFunc() deprecated

export a callback function which updates runtime metadata.

from CredentialsLoader
array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

from CredentialsLoader
__construct(array $scope = array())

No description

static bool
onAppEngine()

Determines if this an App Engine instance, by accessing the SERVER_SOFTWARE environment variable (prod) or the APPENGINE_RUNTIME environment variable (dev).

array
fetchAuthToken(callable $httpHandler = null)

Implements FetchAuthTokenInterface#fetchAuthToken.

string
signBlob(string $stringToSign, bool $forceOpenSsl = false)

Sign a string using AppIdentityService.

string|null
getProjectId(callable $httpHander = null)

Get the project ID from AppIdentityService.

string
getClientName(callable $httpHandler = null)

Get the client name from AppIdentityService.

null|array
getLastReceivedToken()

No description

string
getCacheKey()

Caching is handled by the underlying AppIdentityService, return empty string to prevent caching.

Details

in CredentialsLoader at line 86
static array|null fromEnv()

Load a JSON key from the path specified in the environment.

Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.

Return Value

array|null JSON key | null

in CredentialsLoader at line 112
static array|null fromWellKnownFile()

Load a JSON key from a well known path.

The well known path is OS dependent:

  • windows: %APPDATA%/gcloud/application_default_credentials.json
  • others: $HOME/.config/gcloud/application_default_credentials.json

If the file does not exist, this returns null.

Return Value

array|null JSON key | null

in CredentialsLoader at line 140
static ServiceAccountCredentials|UserRefreshCredentials makeCredentials(string|array $scope, array $jsonKey, string|array $defaultScope = null)

Create a new Credentials instance.

Parameters

string|array $scope the scope of the access request, expressed either as an Array or as a space-delimited String.
array $jsonKey the JSON credentials.
string|array $defaultScope The default scope to use if no user-defined scopes exist, expressed either as an Array or as a space-delimited string.

Return Value

ServiceAccountCredentials|UserRefreshCredentials

in CredentialsLoader at line 171
static Client makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

Parameters

FetchAuthTokenInterface $fetcher is used to fetch the auth token
array $httpClientOptions (optional) Array of request options to apply.
callable $httpHandler (optional) http client to fetch the token.
callable $tokenCallback (optional) function to be called when a new token is fetched.

Return Value

Client

in CredentialsLoader at line 208
static InsecureCredentials makeInsecureCredentials()

Create a new instance of InsecureCredentials.

Return Value

InsecureCredentials

in CredentialsLoader at line 219
array getUpdateMetadataFunc() deprecated

deprecated

export a callback function which updates runtime metadata.

Return Value

array updateMetadata function

in CredentialsLoader at line 232
array updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

Parameters

array $metadata metadata hashmap
string $authUri optional auth uri
callable $httpHandler callback which delivers psr7 request

Return Value

array updated metadata hashmap

at line 83
__construct(array $scope = array())

Parameters

array $scope One or more scopes.

at line 95
static bool onAppEngine()

Determines if this an App Engine instance, by accessing the SERVER_SOFTWARE environment variable (prod) or the APPENGINE_RUNTIME environment variable (dev).

Return Value

bool true if this an App Engine Instance, false otherwise

at line 123
array fetchAuthToken(callable $httpHandler = null)

Implements FetchAuthTokenInterface#fetchAuthToken.

Fetches the auth tokens using the AppIdentityService if available. As the AppIdentityService uses protobufs to fetch the access token, the GuzzleHttp\ClientInterface instance passed in will not be used.

Parameters

callable $httpHandler callback which delivers psr7 request

Return Value

array a hash of auth tokens

at line 149
string signBlob(string $stringToSign, bool $forceOpenSsl = false)

Sign a string using AppIdentityService.

Parameters

string $stringToSign The string to sign.
bool $forceOpenSsl Require use of OpenSSL for local signing. Does not apply to signing done using external services. Defaults to false.

Return Value

string The resulting signature. Value should be base64-encoded.

Exceptions

Exception If AppEngine SDK or mock is not available.

at line 164
string|null getProjectId(callable $httpHander = null)

Get the project ID from AppIdentityService.

Returns null if AppIdentityService is unavailable.

Parameters

callable $httpHander

Return Value

string|null

at line 184
string getClientName(callable $httpHandler = null)

Get the client name from AppIdentityService.

Subsequent calls to this method will return a cached value.

Parameters

callable $httpHandler callback which delivers psr7 request, if one is required to obtain a client name.

Return Value

string

Exceptions

Exception If AppEngine SDK or mock is not available.

at line 198
null|array getLastReceivedToken()

Return Value

null|array { The last received access token.

at line 216
string getCacheKey()

Caching is handled by the underlying AppIdentityService, return empty string to prevent caching.

Return Value

string a key that may be used to cache the auth token.