AppIdentityCredentials supports authorization on Google App Engine.

It can be used to authorize requests using the AuthTokenMiddleware or
AuthTokenSubscriber, but will only succeed if being run on App Engine:

Example:

use Google\Auth\Credentials\AppIdentityCredentials;
use Google\Auth\Middleware\AuthTokenMiddleware;
use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;

$gae = new AppIdentityCredentials('https://www.googleapis.com/auth/books');
$middleware = new AuthTokenMiddleware($gae);
$stack = HandlerStack::create();
$stack->push($middleware);

$client = new Client([
    'handler' => $stack,
    'base_uri' => 'https://www.googleapis.com/books/v1',
    'auth' => 'google_auth'
]);

$res = $client->get('volumes?q=Henry+David+Thoreau&country=US');
CloneableInstantiable
ExtendsGoogle\Auth\CredentialsLoader
ImplementsGoogle\Auth\FetchAuthTokenInterface
Google\Auth\ProjectIdProviderInterface
Google\Auth\SignBlobInterface
Constants
public Google\Auth\CredentialsLoader::AUTH_METADATA_KEY = 'authorization'
public Google\Auth\CredentialsLoader::ENV_VAR = 'GOOGLE_APPLICATION_CREDENTIALS'
public Google\Auth\CredentialsLoader::NON_WINDOWS_WELL_KNOWN_PATH_BASE = '.config'
public Google\Auth\CredentialsLoader::TOKEN_CREDENTIAL_URI = 'https://oauth2.googleapis.com/token'
public Google\Auth\CredentialsLoader::WELL_KNOWN_PATH = 'gcloud/application_default_credentials.json'
Methods
public __construct( $scope = [])
 
    public fetchAuthToken(?callable $httpHandler = NULL)
     

    Implements FetchAuthTokenInterface#fetchAuthToken.

    Fetches the auth tokens using the AppIdentityService if available.
    As the AppIdentityService uses protobufs to fetch the access token,
    the GuzzleHttp\ClientInterface instance passed in will not be used.

    • return array A set of auth related metadata, containing the following keys: - access_token (string) - expiration_time (string)
    public static Google\Auth\CredentialsLoader::fromEnv()
     

    Load a JSON key from the path specified in the environment.

    Load a JSON key from the path specified in the environment
    variable GOOGLE_APPLICATION_CREDENTIALS. Return null if
    GOOGLE_APPLICATION_CREDENTIALS is not specified.

    • return array|null JSON key | null
    public static Google\Auth\CredentialsLoader::fromWellKnownFile()
     

    Load a JSON key from a well known path.

    The well known path is OS dependent:

    • windows: %APPDATA%/gcloud/application_default_credentials.json
    • others: $HOME/.config/gcloud/application_default_credentials.json

    If the file does not exist, this returns null.

    • return array|null JSON key | null
    public getCacheKey()
     

    Caching is handled by the underlying AppIdentityService, return empty string
    to prevent caching.

    • return string
    public getClientName(?callable $httpHandler = NULL)
     

    Get the client name from AppIdentityService.

    Subsequent calls to this method will return a cached value.

    • return string
    • throws Exception If AppEngine SDK or mock is not available.
    public getLastReceivedToken()
     
    • return array|null
    public getProjectId(?callable $httpHander = NULL)
     

    Get the project ID from AppIdentityService.

    Returns null if AppIdentityService is unavailable.

    • return string|null
    public Google\Auth\CredentialsLoader::getUpdateMetadataFunc()
     

    export a callback function which updates runtime metadata.

    • return array updateMetadata function
    public static Google\Auth\CredentialsLoader::makeCredentials( $scope, array $jsonKey)
     

    Create a new Credentials instance.

    • return ServiceAccountCredentials|\UserRefreshCredentials
    public static Google\Auth\CredentialsLoader::makeHttpClient(Google\Auth\FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], ?callable $httpHandler = NULL, ?callable $tokenCallback = NULL)
     

    Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

    public static Google\Auth\CredentialsLoader::makeInsecureCredentials()
     

    Create a new instance of InsecureCredentials.

    public static onAppEngine()
     

    Determines if this an App Engine instance, by accessing the
    SERVER_SOFTWARE environment variable (prod) or the APPENGINE_RUNTIME
    environment variable (dev).

    • return bool true if this an App Engine Instance, false otherwise
    public signBlob( $stringToSign, $forceOpenSsl = false)
     

    Sign a string using AppIdentityService.

    • return string The signature, base64-encoded.
    • throws Exception If AppEngine SDK or mock is not available.
    public Google\Auth\CredentialsLoader::updateMetadata( $metadata, $authUri = NULL, ?callable $httpHandler = NULL)
     

    Updates metadata with the authorization token.

    • return array updated metadata hashmap
    Properties
    protected $lastReceivedToken
     

    Result of fetchAuthToken.

    • var array
    Properties
    private $clientName
     
    • var string
    private $scope
     

    Array of OAuth2 scopes to be requested.

    • var array
    Methods
    private checkAppEngineContext()
    private static Google\Auth\CredentialsLoader::isOnWindows()
     
    • return bool
    private static Google\Auth\CredentialsLoader::unableToReadEnv( $cause)
     
    • return string
    Methods
    public static Google\Auth\CredentialsLoader::fromEnv()
     

    Load a JSON key from the path specified in the environment.

    Load a JSON key from the path specified in the environment
    variable GOOGLE_APPLICATION_CREDENTIALS. Return null if
    GOOGLE_APPLICATION_CREDENTIALS is not specified.

    • return array|null JSON key | null
    public static Google\Auth\CredentialsLoader::fromWellKnownFile()
     

    Load a JSON key from a well known path.

    The well known path is OS dependent:

    • windows: %APPDATA%/gcloud/application_default_credentials.json
    • others: $HOME/.config/gcloud/application_default_credentials.json

    If the file does not exist, this returns null.

    • return array|null JSON key | null
    private static Google\Auth\CredentialsLoader::isOnWindows()
     
    • return bool
    public static Google\Auth\CredentialsLoader::makeCredentials( $scope, array $jsonKey)
     

    Create a new Credentials instance.

    • return ServiceAccountCredentials|\UserRefreshCredentials
    public static Google\Auth\CredentialsLoader::makeHttpClient(Google\Auth\FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], ?callable $httpHandler = NULL, ?callable $tokenCallback = NULL)
     

    Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

    public static Google\Auth\CredentialsLoader::makeInsecureCredentials()
     

    Create a new instance of InsecureCredentials.

    public static onAppEngine()
     

    Determines if this an App Engine instance, by accessing the
    SERVER_SOFTWARE environment variable (prod) or the APPENGINE_RUNTIME
    environment variable (dev).

    • return bool true if this an App Engine Instance, false otherwise
    private static Google\Auth\CredentialsLoader::unableToReadEnv( $cause)
     
    • return string
    © 2020 Bruce Wells
    Search Namespaces \ Classes
    ConfigurationNumbers (0-9.) only