ServiceAccountJwtAccessCredentials
class ServiceAccountJwtAccessCredentials extends CredentialsLoader implements GetQuotaProjectInterface, SignBlobInterface, ProjectIdProviderInterface (View source)
Authenticates requests using Google's Service Account credentials via JWT Access.
This class allows authorizing requests for service accounts directly from credentials from a json key file downloaded from the developer console (via 'Generate new Json Key'). It is not part of any OAuth2 flow, rather it creates a JWT and sends that as a credential.
Traits
Constants
| TOKEN_CREDENTIAL_URI |
|
| ENV_VAR |
|
| WELL_KNOWN_PATH |
|
| NON_WINDOWS_WELL_KNOWN_PATH_BASE |
|
Properties
| protected OAuth2 | $auth | The OAuth2 instance used to conduct authorization. | |
| protected | $quotaProject | The quota project associated with the JSON credentials |
Methods
Load a JSON key from the path specified in the environment.
Load a JSON key from a well known path.
Create a new Credentials instance.
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
Create a new instance of InsecureCredentials.
Updates metadata with the authorization token.
Sign a string using the service account private key.
Create a new ServiceAccountJwtAccessCredentials.
Implements FetchAuthTokenInterface#fetchAuthToken.
No description
No description
Get the project ID from the service account keyfile.
Get the client name from the keyfile.
Get the quota project used for this API request
Details
in CredentialsLoader at line 86
static array|null
fromEnv()
Load a JSON key from the path specified in the environment.
Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.
in CredentialsLoader at line 112
static array|null
fromWellKnownFile()
Load a JSON key from a well known path.
The well known path is OS dependent:
- windows: %APPDATA%/gcloud/application_default_credentials.json
- others: $HOME/.config/gcloud/application_default_credentials.json
If the file does not exist, this returns null.
in CredentialsLoader at line 140
static ServiceAccountCredentials|UserRefreshCredentials
makeCredentials(string|array $scope, array $jsonKey, string|array $defaultScope = null)
Create a new Credentials instance.
in CredentialsLoader at line 171
static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
in CredentialsLoader at line 208
static InsecureCredentials
makeInsecureCredentials()
Create a new instance of InsecureCredentials.
in CredentialsLoader at line 219
array
getUpdateMetadataFunc()
deprecated
deprecated
export a callback function which updates runtime metadata.
at line 105
array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)
Updates metadata with the authorization token.
string
signBlob(string $stringToSign, bool $forceOpenssl = false)
Sign a string using the service account private key.
at line 61
__construct(string|array $jsonKey)
Create a new ServiceAccountJwtAccessCredentials.
at line 128
array
fetchAuthToken(callable $httpHandler = null)
Implements FetchAuthTokenInterface#fetchAuthToken.
at line 143
string
getCacheKey()
at line 151
null|array
getLastReceivedToken()
at line 164
string|null
getProjectId(callable $httpHandler = null)
Get the project ID from the service account keyfile.
Returns null if the project ID does not exist in the keyfile.
at line 177
string
getClientName(callable $httpHandler = null)
Get the client name from the keyfile.
In this case, it returns the keyfile's client_email key.
at line 187
string|null
getQuotaProject()
Get the quota project used for this API request