Authenticates requests using Google's Service Account credentials via
JWT Access.

This class allows authorizing requests for service accounts directly
from credentials from a json key file downloaded from the developer
console (via 'Generate new Json Key'). It is not part of any OAuth2
flow, rather it creates a JWT and sends that as a credential.

CloneableInstantiable
ExtendsGoogle\Auth\CredentialsLoader
ImplementsGoogle\Auth\FetchAuthTokenInterface
Google\Auth\GetQuotaProjectInterface
Google\Auth\ProjectIdProviderInterface
Google\Auth\SignBlobInterface
Constants
public Google\Auth\CredentialsLoader::AUTH_METADATA_KEY = 'authorization'
public Google\Auth\CredentialsLoader::ENV_VAR = 'GOOGLE_APPLICATION_CREDENTIALS'
public Google\Auth\CredentialsLoader::NON_WINDOWS_WELL_KNOWN_PATH_BASE = '.config'
public Google\Auth\CredentialsLoader::TOKEN_CREDENTIAL_URI = 'https://oauth2.googleapis.com/token'
public Google\Auth\CredentialsLoader::WELL_KNOWN_PATH = 'gcloud/application_default_credentials.json'
public Google\Auth\GetQuotaProjectInterface::X_GOOG_USER_PROJECT_HEADER = 'X-Goog-User-Project'
Methods
public __construct( $jsonKey)
 

Create a new ServiceAccountJwtAccessCredentials.

    public fetchAuthToken(?callable $httpHandler = NULL)
     

    Implements FetchAuthTokenInterface#fetchAuthToken.

    • return array|void A set of auth related metadata, containing the following keys: - access_token (string)
    public static Google\Auth\CredentialsLoader::fromEnv()
     

    Load a JSON key from the path specified in the environment.

    Load a JSON key from the path specified in the environment
    variable GOOGLE_APPLICATION_CREDENTIALS. Return null if
    GOOGLE_APPLICATION_CREDENTIALS is not specified.

    • return array|null JSON key | null
    public static Google\Auth\CredentialsLoader::fromWellKnownFile()
     

    Load a JSON key from a well known path.

    The well known path is OS dependent:

    • windows: %APPDATA%/gcloud/application_default_credentials.json
    • others: $HOME/.config/gcloud/application_default_credentials.json

    If the file does not exist, this returns null.

    • return array|null JSON key | null
    public getCacheKey()
     
    • return string
    public getClientName(?callable $httpHandler = NULL)
     

    Get the client name from the keyfile.

    In this case, it returns the keyfile's client_email key.

    • return string
    public getLastReceivedToken()
     
    • return array
    public getProjectId(?callable $httpHandler = NULL)
     

    Get the project ID from the service account keyfile.

    Returns null if the project ID does not exist in the keyfile.

    • return string|null
    public getQuotaProject()
     

    Get the quota project used for this API request

    • return string|null
    public Google\Auth\CredentialsLoader::getUpdateMetadataFunc()
     

    export a callback function which updates runtime metadata.

    • return array updateMetadata function
    public static Google\Auth\CredentialsLoader::makeCredentials( $scope, array $jsonKey)
     

    Create a new Credentials instance.

    • return ServiceAccountCredentials|\UserRefreshCredentials
    public static Google\Auth\CredentialsLoader::makeHttpClient(Google\Auth\FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], ?callable $httpHandler = NULL, ?callable $tokenCallback = NULL)
     

    Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

    public static Google\Auth\CredentialsLoader::makeInsecureCredentials()
     

    Create a new instance of InsecureCredentials.

    public signBlob( $stringToSign, $forceOpenssl = false)
     

    Sign a string using the service account private key.

    • return string
    public updateMetadata( $metadata, $authUri = NULL, ?callable $httpHandler = NULL)
     

    Updates metadata with the authorization token.

    • return array updated metadata hashmap
    Properties
    protected $auth
     

    The OAuth2 instance used to conduct authorization.

    • var OAuth2
    protected $quotaProject
     

    The quota project associated with the JSON credentials

    Methods
    private static Google\Auth\CredentialsLoader::isOnWindows()
     
    • return bool
    private static Google\Auth\CredentialsLoader::unableToReadEnv( $cause)
     
    • return string
    Methods
    public static Google\Auth\CredentialsLoader::fromEnv()
     

    Load a JSON key from the path specified in the environment.

    Load a JSON key from the path specified in the environment
    variable GOOGLE_APPLICATION_CREDENTIALS. Return null if
    GOOGLE_APPLICATION_CREDENTIALS is not specified.

    • return array|null JSON key | null
    public static Google\Auth\CredentialsLoader::fromWellKnownFile()
     

    Load a JSON key from a well known path.

    The well known path is OS dependent:

    • windows: %APPDATA%/gcloud/application_default_credentials.json
    • others: $HOME/.config/gcloud/application_default_credentials.json

    If the file does not exist, this returns null.

    • return array|null JSON key | null
    private static Google\Auth\CredentialsLoader::isOnWindows()
     
    • return bool
    public static Google\Auth\CredentialsLoader::makeCredentials( $scope, array $jsonKey)
     

    Create a new Credentials instance.

    • return ServiceAccountCredentials|\UserRefreshCredentials
    public static Google\Auth\CredentialsLoader::makeHttpClient(Google\Auth\FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], ?callable $httpHandler = NULL, ?callable $tokenCallback = NULL)
     

    Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

    public static Google\Auth\CredentialsLoader::makeInsecureCredentials()
     

    Create a new instance of InsecureCredentials.

    private static Google\Auth\CredentialsLoader::unableToReadEnv( $cause)
     
    • return string
    © 2020 Bruce Wells
    Search Namespaces \ Classes
    ConfigurationNumbers (0-9.) only