Wrapper around Google Access Tokens which provides convenience functions.

  • experimental
Cloneable, Instantiable
Constants
public Google\Auth\AccessToken::FEDERATED_SIGNON_CERT_URL = 'https://www.googleapis.com/oauth2/v3/certs'
public Google\Auth\AccessToken::IAP_CERT_URL = 'https://www.gstatic.com/iap/verify/public_key-jwk'
public Google\Auth\AccessToken::IAP_ISSUER = 'https://cloud.google.com/iap'
public Google\Auth\AccessToken::OAUTH2_ISSUER = 'accounts.google.com'
public Google\Auth\AccessToken::OAUTH2_ISSUER_HTTPS = 'https://accounts.google.com'
public Google\Auth\AccessToken::OAUTH2_REVOKE_URI = 'https://oauth2.googleapis.com/revoke'
Methods
public __construct(?callable $httpHandler = NULL, ?Psr\Cache\CacheItemPoolInterface $cache = NULL)
 
    public revoke( $token, array $options = [])
     

    Revoke an OAuth2 access token or refresh token. This method will revoke the current access
    token, if a token isn't provided.

    • return bool Returns True if the revocation was successful, otherwise False.
    public verify( $token, array $options = [])
     

    Verifies an id token and returns the authenticated apiLoginTicket.

    Throws an exception if the id token is not valid.
    The audience parameter can be used to control which id tokens are
    accepted. By default, the id token must have been issued to this OAuth2 client.

    • return array|bool the token payload, if successful, or false if not.
    • throws InvalidArgumentException If certs could not be retrieved from a local file.
    • throws InvalidArgumentException If received certs are in an invalid format.
    • throws InvalidArgumentException If the cert alg is not supported.
    • throws RuntimeException If certs could not be retrieved from a remote location.
    • throws UnexpectedValueException If the token issuer does not match.
    • throws UnexpectedValueException If the token audience does not match.
    Methods
    protected callJwtStatic( $method, array $args = [])
     

    Provide a hook to mock calls to the JWT static methods.

    • return mixed
    protected callSimpleJwtDecode(array $args = [])
     

    Provide a hook to mock calls to the JWT static methods.

    • return mixed
    Properties
    private $cache
     
    • var CacheItemPoolInterface
    private $httpHandler
     
    • var callable
    Methods
    private checkAndInitializePhpsec()
    private checkSimpleJwt()
    private determineAlg(array $certs)
     

    Identifies the expected algorithm to verify by looking at the "alg" key
    of the provided certs.

    • return string The expected algorithm, such as "ES256" or "RS256".
    private getCacheKeyFromCertLocation( $certsLocation)
     

    Generates a cache key from the cert location using sha1, except that
    "federated_signon_certs_v3" is used to preserve backward compatibility (BC).

    • return string
    private getCerts( $location, $cacheKey, array $options = [])
     

    Gets federated sign-on certificates to use for verifying identity tokens.

    Returns certs as array structure, where keys are key ids, and values
    are PEM encoded certificates.

    • return array
    • throws InvalidArgumentException If received certs are in an invalid format.
    private retrieveCertsFromLocation( $url, array $options = [])
     

    Retrieve and cache a certificates file.

    • return array certificates
    • throws InvalidArgumentException If certs could not be retrieved from a local file.
    • throws RuntimeException If certs could not be retrieved from a remote location.
    private setPhpsecConstants()
     

    phpseclib calls "phpinfo" by default, which requires special
    whitelisting in the AppEngine VM environment. This function
    sets constants so that phpseclib does not need to check phpinfo.

    • see https://github.com/GoogleCloudPlatform/getting-started-php/issues/85
    • codeCoverageIgnore
    private verifyEs256( $token, array $certs, $audience = NULL, $issuer = NULL)
     

    Verifies an ES256-signed JWT.

    • return array|bool the token payload, if successful, or false if not.
    private verifyRs256( $token, array $certs, $audience = NULL, $issuer = NULL)
     

    Verifies an RS256-signed JWT.

    • return array|bool the token payload, if successful, or false if not.
    © 2020 Bruce Wells