1. class
  2. Google
  3. \
  4. Auth
  5. \
  6. Credentials
  7. \
  8. UserRefreshCredentials

UserRefreshCredentials

class UserRefreshCredentials extends CredentialsLoader implements GetQuotaProjectInterface (View source)

Authenticates requests using User Refresh credentials.

This class allows authorizing requests from user refresh tokens.

This the end of the result of a 3LO flow. E.g, the end result of 'gcloud auth login' saves a file with these contents in well known location

Traits

UpdateMetadataTrait

Provides shared methods for updating request metadata (request headers).

Constants

TOKEN_CREDENTIAL_URI

ENV_VAR

QUOTA_PROJECT_ENV_VAR

WELL_KNOWN_PATH

NON_WINDOWS_WELL_KNOWN_PATH_BASE

MTLS_WELL_KNOWN_PATH

MTLS_CERT_ENV_VAR

Properties

protected OAuth2 $auth

The OAuth2 instance used to conduct authorization.
protected string $quotaProject

The quota project associated with the JSON credentials

Methods

callable
getUpdateMetadataFunc() deprecated

export a callback function which updates runtime metadata.

from  UpdateMetadataTrait
array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

from  UpdateMetadataTrait
static array|null
fromEnv()

Load a JSON key from the path specified in the environment.

from  CredentialsLoader
static array|null
fromWellKnownFile()

Load a JSON key from a well known path.

from  CredentialsLoader
static ServiceAccountCredentials|UserRefreshCredentials|ImpersonatedServiceAccountCredentials|ExternalAccountCredentials
makeCredentials(string|string[] $scope, array $jsonKey, string|string[] $defaultScope = null)

Create a new Credentials instance.

from  CredentialsLoader
static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

from  CredentialsLoader
static InsecureCredentials
makeInsecureCredentials()

Create a new instance of InsecureCredentials.

from  CredentialsLoader
static string|null
quotaProjectFromEnv()

Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.

from  CredentialsLoader
static callable|null
getDefaultClientCertSource()

Gets a callable which returns the default device certification.

from  CredentialsLoader
static bool
shouldLoadClientCertSource()

Determines whether or not the default device certificate should be loaded.

from  CredentialsLoader
string
getUniverseDomain()

Get the universe domain from the credential. Defaults to "googleapis.com" for all credential types which do not support universe domain.

from  CredentialsLoader
__construct(string|string[] $scope, string|array $jsonKey)

Create a new UserRefreshCredentials.

array
fetchAuthToken(callable $httpHandler = null)

No description

string
getCacheKey()

No description

null|array
getLastReceivedToken()

No description

string|null
getQuotaProject()

Get the quota project used for this API request

string|null
getGrantedScope()

Get the granted scopes (if they exist) for the last fetched token.

Details

in UpdateMetadataTrait at line 35
callable getUpdateMetadataFunc() deprecated

deprecated

export a callback function which updates runtime metadata.

Return Value

callable

updateMetadata function

in UpdateMetadataTrait at line 48
array updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

Parameters

array $metadata

metadata hashmap
string $authUri

optional auth uri
callable $httpHandler

callback which delivers psr7 request

Return Value

array

updated metadata hashmap

in CredentialsLoader at line 77
static array|null fromEnv()

Load a JSON key from the path specified in the environment.

Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.

Return Value

array|null

JSON key | null

in CredentialsLoader at line 103
static array|null fromWellKnownFile()

Load a JSON key from a well known path.

The well known path is OS dependent:

  • windows: %APPDATA%/gcloud/application_default_credentials.json
  • others: $HOME/.config/gcloud/application_default_credentials.json

If the file does not exist, this returns null.

Return Value

array|null

JSON key | null

in CredentialsLoader at line 131
static ServiceAccountCredentials|UserRefreshCredentials|ImpersonatedServiceAccountCredentials|ExternalAccountCredentials makeCredentials(string|string[] $scope, array $jsonKey, string|string[] $defaultScope = null)

Create a new Credentials instance.

Parameters

string|string[] $scope

the scope of the access request, expressed either as an Array or as a space-delimited String.
array $jsonKey

the JSON credentials.
string|string[] $defaultScope

The default scope to use if no user-defined scopes exist, expressed either as an Array or as a space-delimited string.

Return Value

ServiceAccountCredentials|UserRefreshCredentials|ImpersonatedServiceAccountCredentials|ExternalAccountCredentials

in CredentialsLoader at line 172
static Client makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

Parameters

FetchAuthTokenInterface $fetcher

is used to fetch the auth token
array $httpClientOptions

(optional) Array of request options to apply.
callable $httpHandler

(optional) http client to fetch the token.
callable $tokenCallback

(optional) function to be called when a new token is fetched.

Return Value

Client

in CredentialsLoader at line 197
static InsecureCredentials makeInsecureCredentials()

Create a new instance of InsecureCredentials.

Return Value

InsecureCredentials

in CredentialsLoader at line 209
static string|null quotaProjectFromEnv()

Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.

Return Value

string|null

in CredentialsLoader at line 220
static callable|null getDefaultClientCertSource()

Gets a callable which returns the default device certification.

Return Value

callable|null

Exceptions

UnexpectedValueException

in CredentialsLoader at line 245
static bool shouldLoadClientCertSource()

Determines whether or not the default device certificate should be loaded.

Return Value

bool

in CredentialsLoader at line 284
string getUniverseDomain()

Get the universe domain from the credential. Defaults to "googleapis.com" for all credential types which do not support universe domain.

Return Value

string

at line 59
__construct(string|string[] $scope, string|array $jsonKey)

Create a new UserRefreshCredentials.

Parameters

string|string[] $scope

the scope of the access request, expressed either as an Array or as a space-delimited String.
string|array $jsonKey

JSON credential file path or JSON credentials as an associative array

at line 112
array fetchAuthToken(callable $httpHandler = null)

No description

Parameters

callable $httpHandler

callback which delivers psr7 request

Return Value

array

a hash of auth tokens

at line 120
string getCacheKey()

No description

Return Value

string

a key that may be used to cache the auth token.

at line 128
null|array getLastReceivedToken()

No description

Return Value

null|array

{ The last received access token.

@type string $access_token The access token string.
@type int $expires_at The time the token expires as a UNIX timestamp.

}

at line 138
string|null getQuotaProject()

Get the quota project used for this API request

Return Value

string|null

at line 148
string|null getGrantedScope()

Get the granted scopes (if they exist) for the last fetched token.

Return Value

string|null