class ServiceAccountJwtAccessCredentials extends CredentialsLoader implements SignBlobInterface (View source)

Authenticates requests using Google's Service Account credentials via JWT Access.

This class allows authorizing requests for service accounts directly from credentials from a json key file downloaded from the developer console (via 'Generate new Json Key'). It is not part of any OAuth2 flow, rather it creates a JWT and sends that as a credential.

Traits

Sign a string using a Service Account private key.

Constants

TOKEN_CREDENTIAL_URI

ENV_VAR

WELL_KNOWN_PATH

NON_WINDOWS_WELL_KNOWN_PATH_BASE

AUTH_METADATA_KEY

Properties

protected OAuth2 $auth

The OAuth2 instance used to conduct authorization.

Methods

static array
fromEnv()

Load a JSON key from the path specified in the environment.

static array
fromWellKnownFile()

Load a JSON key from a well known path.

makeCredentials(string|array $scope, array $jsonKey)

Create a new Credentials instance.

static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

makeInsecureCredentials()

Create a new instance of InsecureCredentials.

array
getUpdateMetadataFunc()

export a callback function which updates runtime metadata.

array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

string
signBlob(string $stringToSign, bool $forceOpenssl = false)

Sign a string using the service account private key.

__construct(string|array $jsonKey)

Create a new ServiceAccountJwtAccessCredentials.

array
fetchAuthToken(callable $httpHandler = null)

Implements FetchAuthTokenInterface#fetchAuthToken.

string
getCacheKey()

No description

null|array
getLastReceivedToken()

No description

string
getClientName(callable $httpHandler = null)

Get the client name from the keyfile.

Details

static array fromEnv()

Load a JSON key from the path specified in the environment.

Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.

Return Value

array

JSON key | null

static array fromWellKnownFile()

Load a JSON key from a well known path.

The well known path is OS dependent:

  • windows: %APPDATA%/gcloud/application_default_credentials.json
  • others: $HOME/.config/gcloud/application_default_credentials.json

If the file does not exists, this returns null.

Return Value

array

JSON key | null

static ServiceAccountCredentials|UserRefreshCredentials makeCredentials(string|array $scope, array $jsonKey)

Create a new Credentials instance.

Parameters

string|array $scope

the scope of the access request, expressed either as an Array or as a space-delimited String.

array $jsonKey

the JSON credentials.

Return Value

ServiceAccountCredentials|UserRefreshCredentials

static Client makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

Parameters

FetchAuthTokenInterface $fetcher

is used to fetch the auth token

array $httpClientOptions
callable $httpHandler

(optional) http client to fetch the token.

callable $tokenCallback

(optional) function to be called when a new token is fetched.

Return Value

Client

static InsecureCredentials makeInsecureCredentials()

Create a new instance of InsecureCredentials.

Return Value

InsecureCredentials

array getUpdateMetadataFunc()

export a callback function which updates runtime metadata.

Return Value

array

updateMetadata function

array updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

Parameters

array $metadata

metadata hashmap

string $authUri

optional auth uri

callable $httpHandler

callback which delivers psr7 request

Return Value

array

updated metadata hashmap

string signBlob(string $stringToSign, bool $forceOpenssl = false)

Sign a string using the service account private key.

Parameters

string $stringToSign
bool $forceOpenssl

Whether to use OpenSSL regardless of whether phpseclib is installed. Defaults to false.

Return Value

string

__construct(string|array $jsonKey)

Create a new ServiceAccountJwtAccessCredentials.

Parameters

string|array $jsonKey

JSON credential file path or JSON credentials as an associative array

array fetchAuthToken(callable $httpHandler = null)

Implements FetchAuthTokenInterface#fetchAuthToken.

Parameters

callable $httpHandler

callback which delivers psr7 request

Return Value

array

a hash of auth tokens

string getCacheKey()

No description

Return Value

string

a key that may be used to cache the auth token.

null|array getLastReceivedToken()

No description

Return Value

null|array

{ The last received access token.

string getClientName(callable $httpHandler = null)

Get the client name from the keyfile.

In this case, it returns the keyfile's client_email key.

Parameters

callable $httpHandler

callback which delivers psr7 request, if one is required to obtain a client name.

Return Value

string