class ServiceAccountCredentials extends CredentialsLoader (View source)

ServiceAccountCredentials supports authorization using a Google service account.

(cf https://developers.google.com/accounts/docs/OAuth2ServiceAccount)

It's initialized using the json key file that's downloadable from developer console, which should contain a private_key and client_email fields that it uses.

Use it with AuthTokenMiddleware to authorize http requests:

use Google\Auth\Credentials\ServiceAccountCredentials; use Google\Auth\Middleware\AuthTokenMiddleware; use GuzzleHttp\Client; use GuzzleHttp\HandlerStack;

$sa = new ServiceAccountCredentials( 'https://www.googleapis.com/auth/taskqueue', '/path/to/your/json/key_file.json' ); $middleware = new AuthTokenMiddleware($sa); $stack = HandlerStack::create(); $stack->push($middleware);

$client = new Client([ 'handler' => $stack, 'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', 'auth' => 'google_auth' // authorize all requests ]);

$res = $client->get('myproject/taskqueues/myqueue');

Constants

TOKEN_CREDENTIAL_URI

ENV_VAR

WELL_KNOWN_PATH

NON_WINDOWS_WELL_KNOWN_PATH_BASE

AUTH_METADATA_KEY

Properties

protected OAuth2 $auth

The OAuth2 instance used to conduct authorization.

Methods

static array
fromEnv()

Load a JSON key from the path specified in the environment.

static array
fromWellKnownFile()

Load a JSON key from a well known path.

makeCredentials(string|array $scope, array $jsonKey)

Create a new Credentials instance.

static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

array
getUpdateMetadataFunc()

export a callback function which updates runtime metadata.

array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

__construct(string|array $scope, string|array $jsonKey, string $sub = null)

Create a new ServiceAccountCredentials.

array
fetchAuthToken(callable $httpHandler = null)

No description

string
getCacheKey()

No description

null|array
getLastReceivedToken()

No description

setSub(string $sub)

No description

Details

static array fromEnv()

Load a JSON key from the path specified in the environment.

Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.

Return Value

array

JSON key | null

static array fromWellKnownFile()

Load a JSON key from a well known path.

The well known path is OS dependent:

  • windows: %APPDATA%/gcloud/application_default_credentials.json
  • others: $HOME/.config/gcloud/application_default_credentials.json

If the file does not exists, this returns null.

Return Value

array

JSON key | null

static ServiceAccountCredentials|UserRefreshCredentials makeCredentials(string|array $scope, array $jsonKey)

Create a new Credentials instance.

Parameters

string|array $scope

the scope of the access request, expressed either as an Array or as a space-delimited String.

array $jsonKey

the JSON credentials.

Return Value

ServiceAccountCredentials|UserRefreshCredentials

static Client makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

Parameters

FetchAuthTokenInterface $fetcher

is used to fetch the auth token

array $httpClientOptions
callable $httpHandler

(optional) http client to fetch the token.

callable $tokenCallback

(optional) function to be called when a new token is fetched.

Return Value

Client

array getUpdateMetadataFunc()

export a callback function which updates runtime metadata.

Return Value

array

updateMetadata function

array updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

Parameters

array $metadata

metadata hashmap

string $authUri

optional auth uri

callable $httpHandler

callback which delivers psr7 request

Return Value

array

updated metadata hashmap

__construct(string|array $scope, string|array $jsonKey, string $sub = null)

Create a new ServiceAccountCredentials.

Parameters

string|array $scope

the scope of the access request, expressed either as an Array or as a space-delimited String.

string|array $jsonKey

JSON credential file path or JSON credentials as an associative array

string $sub

an email address account to impersonate, in situations when the service account has been delegated domain wide access.

array fetchAuthToken(callable $httpHandler = null)

No description

Parameters

callable $httpHandler

callback which delivers psr7 request

Return Value

array

a hash of auth tokens

string getCacheKey()

No description

Return Value

string

a key that may be used to cache the auth token.

null|array getLastReceivedToken()

No description

Return Value

null|array

{ The last received access token.

setSub(string $sub)

No description

Parameters

string $sub

an email address account to impersonate, in situations when the service account has been delegated domain wide access.