class Iam (View source)

Tools for using the IAM API.

Constants

deprecated IAM_API_ROOT

SIGN_BLOB_PATH

SERVICE_ACCOUNT_NAME

private IAM_API_ROOT_TEMPLATE

private GENERATE_ID_TOKEN_PATH

Methods

__construct(callable|null $httpHandler = null, string $universeDomain = GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN)

No description

string
signBlob(string $email, string $accessToken, string $stringToSign, array $delegates = [])

Sign a string using the IAM signBlob API.

string
generateIdToken(string $clientEmail, string $targetAudience, string $bearerToken, array $headers = [])

Sign a string using the IAM signBlob API.

Details

__construct(callable|null $httpHandler = null, string $universeDomain = GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN)

No description

Parameters

callable|null $httpHandler

[optional] The HTTP Handler to send requests.

string $universeDomain

string signBlob(string $email, string $accessToken, string $stringToSign, array $delegates = [])

Sign a string using the IAM signBlob API.

Note that signing using IAM requires your service account to have the iam.serviceAccounts.signBlob permission, part of the "Service Account Token Creator" IAM role.

Parameters

string $email

The service account email.

string $accessToken

An access token from the service account.

string $stringToSign

The string to be signed.

array $delegates

[optional] A list of service account emails to add to the delegate chain. If omitted, the value of $email will be used.

Return Value

string

The signed string, base64-encoded.

string generateIdToken(string $clientEmail, string $targetAudience, string $bearerToken, array $headers = [])

Sign a string using the IAM signBlob API.

Note that signing using IAM requires your service account to have the iam.serviceAccounts.signBlob permission, part of the "Service Account Token Creator" IAM role.

Parameters

string $clientEmail

The service account email.

string $targetAudience

The audience for the ID token.

string $bearerToken

The token to authenticate the IAM request.

array $headers

[optional] Additional headers to send with the request.

Return Value

string

The signed string, base64-encoded.