class UserRefreshCredentials extends CredentialsLoader implements GetQuotaProjectInterface (View source)

Authenticates requests using User Refresh credentials.

This class allows authorizing requests from user refresh tokens.

This the end of the result of a 3LO flow. E.g, the end result of 'gcloud auth login' saves a file with these contents in well known location

Traits

Provides shared methods for updating request metadata (request headers).

Constants

TOKEN_CREDENTIAL_URI

ENV_VAR

QUOTA_PROJECT_ENV_VAR

WELL_KNOWN_PATH

NON_WINDOWS_WELL_KNOWN_PATH_BASE

MTLS_WELL_KNOWN_PATH

MTLS_CERT_ENV_VAR

Properties

protected OAuth2 $auth

The OAuth2 instance used to conduct authorization.

protected string $quotaProject

The quota project associated with the JSON credentials

Methods

callable
getUpdateMetadataFunc() deprecated

export a callback function which updates runtime metadata.

array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

static array|null
fromEnv()

Load a JSON key from the path specified in the environment.

static array|null
fromWellKnownFile()

Load a JSON key from a well known path.

makeCredentials(string|string[] $scope, array $jsonKey, string|string[] $defaultScope = null)

Create a new Credentials instance.

static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

makeInsecureCredentials()

Create a new instance of InsecureCredentials.

static string|null
quotaProjectFromEnv()

Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.

static callable|null
getDefaultClientCertSource()

Gets a callable which returns the default device certification.

static bool
shouldLoadClientCertSource()

Determines whether or not the default device certificate should be loaded.

__construct(string|string[] $scope, string|array $jsonKey)

Create a new UserRefreshCredentials.

array
fetchAuthToken(callable $httpHandler = null)

No description

string
getCacheKey()

No description

null|array
getLastReceivedToken()

No description

string|null
getQuotaProject()

Get the quota project used for this API request

string|null
getGrantedScope()

Get the granted scopes (if they exist) for the last fetched token.

Details

callable getUpdateMetadataFunc() deprecated

deprecated

export a callback function which updates runtime metadata.

Return Value

callable

updateMetadata function

array updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

Parameters

array $metadata

metadata hashmap

string $authUri

optional auth uri

callable $httpHandler

callback which delivers psr7 request

Return Value

array

updated metadata hashmap

static array|null fromEnv()

Load a JSON key from the path specified in the environment.

Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.

Return Value

array|null

JSON key | null

static array|null fromWellKnownFile()

Load a JSON key from a well known path.

The well known path is OS dependent:

  • windows: %APPDATA%/gcloud/application_default_credentials.json
  • others: $HOME/.config/gcloud/application_default_credentials.json

If the file does not exist, this returns null.

Return Value

array|null

JSON key | null

static ServiceAccountCredentials|UserRefreshCredentials|ImpersonatedServiceAccountCredentials|ExternalAccountCredentials makeCredentials(string|string[] $scope, array $jsonKey, string|string[] $defaultScope = null)

Create a new Credentials instance.

Parameters

string|string[] $scope

the scope of the access request, expressed either as an Array or as a space-delimited String.

array $jsonKey

the JSON credentials.

string|string[] $defaultScope

The default scope to use if no user-defined scopes exist, expressed either as an Array or as a space-delimited string.

Return Value

ServiceAccountCredentials|UserRefreshCredentials|ImpersonatedServiceAccountCredentials|ExternalAccountCredentials

static Client makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

Parameters

FetchAuthTokenInterface $fetcher

is used to fetch the auth token

array $httpClientOptions

(optional) Array of request options to apply.

callable $httpHandler

(optional) http client to fetch the token.

callable $tokenCallback

(optional) function to be called when a new token is fetched.

Return Value

Client

static InsecureCredentials makeInsecureCredentials()

Create a new instance of InsecureCredentials.

Return Value

InsecureCredentials

static string|null quotaProjectFromEnv()

Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.

Return Value

string|null

static callable|null getDefaultClientCertSource()

Gets a callable which returns the default device certification.

Return Value

callable|null

Exceptions

UnexpectedValueException

static bool shouldLoadClientCertSource()

Determines whether or not the default device certificate should be loaded.

Return Value

bool

__construct(string|string[] $scope, string|array $jsonKey)

Create a new UserRefreshCredentials.

Parameters

string|string[] $scope

the scope of the access request, expressed either as an Array or as a space-delimited String.

string|array $jsonKey

JSON credential file path or JSON credentials as an associative array

array fetchAuthToken(callable $httpHandler = null)

No description

Parameters

callable $httpHandler

callback which delivers psr7 request

Return Value

array

a hash of auth tokens

string getCacheKey()

No description

Return Value

string

a key that may be used to cache the auth token.

null|array getLastReceivedToken()

No description

Return Value

null|array

{ The last received access token.

@type string $access_token The access token string.
@type int $expires_at The time the token expires as a UNIX timestamp.

}

string|null getQuotaProject()

Get the quota project used for this API request

Return Value

string|null

string|null getGrantedScope()

Get the granted scopes (if they exist) for the last fetched token.

Return Value

string|null