Wrapper around Google Access Tokens which provides convenience functions.

  • experimental
  • Cloneable
  • Instantiable
Constants
public Google\Auth\AccessToken::FEDERATED_SIGNON_CERT_URL = 'https://www.googleapis.com/oauth2/v3/certs'
public Google\Auth\AccessToken::IAP_CERT_URL = 'https://www.gstatic.com/iap/verify/public_key-jwk'
public Google\Auth\AccessToken::IAP_ISSUER = 'https://cloud.google.com/iap'
public Google\Auth\AccessToken::OAUTH2_ISSUER = 'accounts.google.com'
public Google\Auth\AccessToken::OAUTH2_ISSUER_HTTPS = 'https://accounts.google.com'
public Google\Auth\AccessToken::OAUTH2_REVOKE_URI = 'https://oauth2.googleapis.com/revoke'
Methods
public __construct(?callable $httpHandler = NULL, ?Psr\Cache\CacheItemPoolInterface $cache = NULL)
 


    public revoke( $token, array $options = [])
     
    Revoke an OAuth2 access token or refresh token. This method will revoke the current access token, if a token isn't provided.

    • return bool Returns True if the revocation was successful, otherwise False.
    public verify( $token, array $options = [])
     
    Verifies an id token and returns the authenticated apiLoginTicket.

    Throws an exception if the id token is not valid.
    The audience parameter can be used to control which id tokens are
    accepted. By default, the id token must have been issued to this OAuth2 client.

    • return array|bool the token payload, if successful, or false if not.
    • throws InvalidArgumentException If certs could not be retrieved from a local file.
    • throws InvalidArgumentException If received certs are in an invalid format.
    • throws InvalidArgumentException If the cert alg is not supported.
    • throws RuntimeException If certs could not be retrieved from a remote location.
    • throws UnexpectedValueException If the token issuer does not match.
    • throws UnexpectedValueException If the token audience does not match.
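
The following is an added usage example, not code from the library or its documentation. It shows `verify()` checking a token signed by Identity-Aware Proxy, with the key set, issuer and audience all pinned, and with every failure path listed above treated as a rejection. It assumes the `google/auth` Composer package is installed and that `verify()` accepts the option keys `certsLocation`, `issuer` and `audience`; the helper name `verifyIapAssertion` and the audience value are hypothetical placeholders.

```php
<?php
// Added example (not part of google/auth). Assumes: composer require google/auth
require __DIR__ . '/vendor/autoload.php';

use Google\Auth\AccessToken;

/**
 * Hypothetical helper: validate the signed JWT that IAP attaches to a request.
 * Returns the token payload on success and null on any failure (fail closed).
 */
function verifyIapAssertion(string $jwt, string $expectedAudience): ?array
{
    // This helper's own policy: refuse to verify without an explicit audience.
    if ($jwt === '' || $expectedAudience === '') {
        return null;
    }

    $verifier = new AccessToken();
    try {
        $payload = $verifier->verify($jwt, [
            'certsLocation' => AccessToken::IAP_CERT_URL, // IAP key set, not the OAuth2 one
            'issuer'        => AccessToken::IAP_ISSUER,
            'audience'      => $expectedAudience,
        ]);
    } catch (\UnexpectedValueException $e) {
        // Issuer or audience mismatch. Caught first because
        // UnexpectedValueException is a subclass of RuntimeException.
        error_log('IAP token rejected: ' . $e->getMessage());
        return null;
    } catch (\InvalidArgumentException | \RuntimeException $e) {
        // Certs missing, malformed, unsupported alg, or remote fetch failed.
        error_log('IAP cert retrieval failed: ' . $e->getMessage());
        return null;
    }

    // verify() may also signal failure by returning false instead of throwing.
    return is_array($payload) ? $payload : null;
}

// Placeholder audience (constructed value); replace with your backend's audience string.
$audience = '/projects/PROJECT_NUMBER/apps/PROJECT_ID';
$claims = verifyIapAssertion($_SERVER['HTTP_X_GOOG_IAP_JWT_ASSERTION'] ?? '', $audience);
if ($claims === null) {
    http_response_code(401);
    exit;
}
```

The caller only ever sees a payload array or null, so a `false` return and a thrown exception cannot be confused with a valid token.
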
    Methods
    protected callJwtStatic( $method, array $args = [])
     
    Provide a hook to mock calls to the JWT static methods.

    • return mixed
    protected callSimpleJwtDecode(array $args = [])
     
    Provide a hook to mock calls to the JWT static methods.

    • return mixed
    Properties
    private $cache
     


    • var CacheItemPoolInterface
    private $httpHandler
     


    • var callable
    Methods
    private checkAndInitializePhpsec()
    private checkSimpleJwt()
    private determineAlg(array $certs)
     
    Identifies the expected algorithm to verify by looking at the "alg" key of the provided certs.

    • return string The expected algorithm, such as "ES256" or "RS256".
    private getCacheKeyFromCertLocation( $certsLocation)
     
    Generates a cache key from the cert location using sha1, except that "federated_signon_certs_v3" is used to preserve backwards compatibility.

    • return string
    private getCerts( $location, $cacheKey, array $options = [])
     
    Gets federated sign-on certificates to use for verifying identity tokens.

    Returns certs as array structure, where keys are key ids, and values
    are PEM encoded certificates.

    • return array
    • throws InvalidArgumentException If received certs are in an invalid format.
    private retrieveCertsFromLocation( $url, array $options = [])
     
    Retrieve and cache a certificates file.

    • return array certificates
    • throws InvalidArgumentException If certs could not be retrieved from a local file.
    • throws RuntimeException If certs could not be retrieved from a remote location.
    private setPhpsecConstants()
    private verifyEs256( $token, array $certs, $audience = NULL, $issuer = NULL)
     
    Verifies an ES256-signed JWT.

    • return array|bool the token payload, if successful, or false if not.
    private verifyRs256( $token, array $certs, $audience = NULL, $issuer = NULL)
     
    Verifies an RS256-signed JWT.

    • return array|bool the token payload, if successful, or false if not.
    © 2020 Bruce Wells