ServiceAccountJwtAccessCredentials
class ServiceAccountJwtAccessCredentials extends CredentialsLoader implements SignBlobInterface (View source)
Authenticates requests using Google's Service Account credentials via JWT Access.
This class allows authorizing requests for service accounts directly from credentials from a json key file downloaded from the developer console (via 'Generate new Json Key'). It is not part of any OAuth2 flow, rather it creates a JWT and sends that as a credential.
Traits
Sign a string using a Service Account private key.
Constants
| TOKEN_CREDENTIAL_URI |
|
| ENV_VAR |
|
| WELL_KNOWN_PATH |
|
| NON_WINDOWS_WELL_KNOWN_PATH_BASE |
|
| AUTH_METADATA_KEY |
|
Properties
| protected OAuth2 | $auth | The OAuth2 instance used to conduct authorization. |
Methods
Load a JSON key from the path specified in the environment.
Create a new Credentials instance.
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
Create a new instance of InsecureCredentials.
export a callback function which updates runtime metadata.
Updates metadata with the authorization token.
Sign a string using the service account private key.
Create a new ServiceAccountJwtAccessCredentials.
Implements FetchAuthTokenInterface#fetchAuthToken.
No description
No description
Get the client name from the keyfile.
Details
static array
fromEnv()
Load a JSON key from the path specified in the environment.
Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.
static array
fromWellKnownFile()
Load a JSON key from a well known path.
The well known path is OS dependent:
- windows: %APPDATA%/gcloud/application_default_credentials.json
- others: $HOME/.config/gcloud/application_default_credentials.json
If the file does not exists, this returns null.
static ServiceAccountCredentials|UserRefreshCredentials
makeCredentials(string|array $scope, array $jsonKey)
Create a new Credentials instance.
static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
static InsecureCredentials
makeInsecureCredentials()
Create a new instance of InsecureCredentials.
array
getUpdateMetadataFunc()
export a callback function which updates runtime metadata.
array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)
Updates metadata with the authorization token.
string
signBlob(string $stringToSign, bool $forceOpenssl = false)
Sign a string using the service account private key.
__construct(string|array $jsonKey)
Create a new ServiceAccountJwtAccessCredentials.
array
fetchAuthToken(callable $httpHandler = null)
Implements FetchAuthTokenInterface#fetchAuthToken.
string
getCacheKey()
No description
null|array
getLastReceivedToken()
No description
string
getClientName(callable $httpHandler = null)
Get the client name from the keyfile.
In this case, it returns the keyfile's client_email key.