OAuth2 supports authentication by OAuth2 2-legged flows.

It primarily supports

  • service account authorization
  • authorization where a user already has an access token
Cloneable, Instantiable
Implements Google\Auth\FetchAuthTokenInterface
Constants
public Google\Auth\OAuth2::DEFAULT_EXPIRY_SECONDS = 3600
public Google\Auth\OAuth2::DEFAULT_SKEW_SECONDS = 60
public Google\Auth\OAuth2::JWT_URN = 'urn:ietf:params:oauth:grant-type:jwt-bearer'
Properties
public static $knownGrantTypes
 
The well known grant types.

  • var array
public static $knownSigningAlgorithms
 
TODO: determine known methods from the keys of JWT::methods.

Methods
public __construct(array $config)
 
Create a new OAuthCredentials.

The configuration array accepts various options

  • authorizationUri
    The authorization server's HTTP endpoint capable of
    authenticating the end-user and obtaining authorization.

  • tokenCredentialUri
    The authorization server's HTTP endpoint capable of issuing
    tokens and refreshing expired tokens.

  • clientId
    A unique identifier issued to the client to identify itself to the
    authorization server.

  • clientSecret
    A shared symmetric secret issued by the authorization server,
    which is used to authenticate the client.

  • scope
    The scope of the access request, expressed either as an Array
    or as a space-delimited String.

  • state
    An arbitrary string designed to allow the client to maintain state.

  • redirectUri
    The redirection URI used in the initial request.

  • username
    The resource owner's username.

  • password
    The resource owner's password.

  • issuer
    Issuer ID when using assertion profile

  • audience
    Target audience for assertions

  • expiry
    Number of seconds assertions are valid for

  • signingKey
    Signing key when using assertion profile

  • refreshToken
    The refresh token associated with the access token
    to be refreshed.

  • accessToken
    The current access token for this client.

  • idToken
    The current ID token for this client.

  • extensionParams
    When using an extension grant type, this is the set of parameters used
    by that extension.

    public buildFullAuthorizationUri(array $config = [])
     
    Builds the authorization Uri that the user should be redirected to.

    • return UriInterface the authorization Url.
    • throws InvalidArgumentException
    public fetchAuthToken(?callable $httpHandler = NULL)
     
    Fetches the auth tokens based on the current state.

    • return array the response
    public generateCredentialsRequest()
     
    Generates a request for token credentials.

    • return RequestInterface the authorization Url.
    public getAccessToken()
     
    Gets the current access token.

    public getAdditionalClaims()
     
    Gets the additional claims to be included in the JWT token.

    • return array
    public getAudience()
     
    Gets the target audience when issuing assertions.

    public getAuthorizationUri()
     
    Gets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.

    • return UriInterface
    public getCacheKey()
     
    Obtains a key that can be used to cache the results of #fetchAuthToken.

    The key is derived from the scopes.

    • return string a key that may be used to cache the auth token.
    public getClientId()
     
    Gets a unique identifier issued to the client to identify itself to the authorization server.

    public getClientName(?callable $httpHandler = NULL)
     
    Get the client ID.

    Alias of {@see \Google\Auth\OAuth2::getClientId()}.

    • return string
    • access private
    public getClientSecret()
     
    Gets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.

    public getCode()
     
    Gets the authorization code issued to this client.

    public getExpiresAt()
     
    Gets the time the current access token expires at.

    • return int
    public getExpiresIn()
     
    Gets the lifetime of the access token in seconds.

    public getExpiry()
     
    Gets the number of seconds assertions are valid for.

    public getExtensionParams()
     
    Gets the set of parameters used by extension when using an extension grant type.

    public getGrantType()
     
    Gets the current grant type.

    • return string
    public getIdToken()
     
    Gets the current ID token.

    public getIssuedAt()
     
    Gets the time the current access token was issued at.

    public getIssuer()
     
    Gets the Issuer ID when using assertion profile.

    public getLastReceivedToken()
     
    The expiration of the last received token.

    • return array
    public getPassword()
     
    Gets the resource owner's password.

    public getRedirectUri()
     
    Gets the redirection URI used in the initial request.

    • return string
    public getRefreshToken()
     
    Gets the refresh token associated with the current access token.

    public getScope()
     
    Gets the scope of the access requests as a space-delimited String.

    • return string
    public getSigningAlgorithm()
     
    Gets the signing algorithm when using an assertion profile.

    • return string
    public getSigningKey()
     
    Gets the signing key when using an assertion profile.

    public getState()
     
    Gets an arbitrary string designed to allow the client to maintain state.

    • return string
    public getSub()
     
    Gets the target sub when issuing assertions.

    public getTokenCredentialUri()
     
    Gets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

    • return string
    public getUsername()
     
    Gets the resource owner's username.

    public isExpired()
     
    Returns true if the access token has expired.

    • return bool
    public parseTokenResponse(Psr\Http\Message\ResponseInterface $resp)
     
    Parses the fetched tokens.

    • return array the tokens parsed from the response body.
    • throws Exception
    public setAccessToken($accessToken)

    Sets the current access token.

    public setAdditionalClaims(array $additionalClaims)

    Sets additional claims to be included in the JWT token.

    public setAudience($audience)

    Sets the target audience when issuing assertions.

    public setAuthorizationUri($uri)

    Sets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.

    public setClientId($clientId)

    Sets a unique identifier issued to the client to identify itself to the authorization server.

    public setClientSecret($clientSecret)

    Sets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.

    public setCode($code)

    Sets the authorization code issued to this client.

    public setExpiresAt($expiresAt)

    Sets the time the current access token expires at.

    public setExpiresIn($expiresIn)

    Sets the lifetime of the access token in seconds.

    public setExpiry($expiry)

    Sets the number of seconds assertions are valid for.

    public setExtensionParams($extensionParams)

    Sets the set of parameters used by extension when using an extension grant type.

    public setGrantType($grantType)

    Sets the current grant type.

    • throws InvalidArgumentException
    public setIdToken($idToken)

    Sets the current ID token.

    public setIssuedAt($issuedAt)

    Sets the time the current access token was issued at.

    public setIssuer($issuer)

    Sets the Issuer ID when using assertion profile.

    public setPassword($password)

    Sets the resource owner's password.

    public setRedirectUri($uri)

    Sets the redirection URI used in the initial request.

    public setRefreshToken($refreshToken)

    Sets the refresh token associated with the current access token.

    public setScope($scope)

    Sets the scope of the access request, expressed either as an Array or as a space-delimited String.

    • throws InvalidArgumentException
    public setSigningAlgorithm($signingAlgorithm)

    Sets the signing algorithm when using an assertion profile.

    public setSigningKey($signingKey)

    Sets the signing key when using an assertion profile.

    public setState($state)

    Sets an arbitrary string designed to allow the client to maintain state.

    public setSub($sub)

    Sets the target sub when issuing assertions.

    public setTokenCredentialUri($uri)

    Sets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

    public setUsername($username)

    Sets the resource owner's username.

    public toJwt(array $config = [])

    Obtains the encoded JWT from the instance data.

    • return string
    public updateToken(array $config)

    Updates an OAuth 2.0 client.

    • example $client->updateToken([ 'refresh_token' => 'n4E9O119d', 'access_token' => 'FJQbwq9', 'expires_in' => 3600 ])
    public verifyIdToken($publicKey = NULL, $allowed_algs = [])

    Verifies the idToken if present.

    • if none is present, returns null
    • if present but invalid, raises DomainException
    • otherwise returns the payload in the idToken as a PHP object

    If $publicKey is null, the token is decoded without being verified.

    • return null|object
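An added example (not code from this page or from the google/auth project) of the service-account path through this class: it builds the JWT bearer assertion with toJwt() and then calls verifyIdToken() with an explicit key and algorithm allow-list, since a null $publicKey skips verification. Assumptions: google/auth is installed via Composer, the openssl extension is loaded, the endpoint, issuer and scope are placeholders, the RSA key is generated on the spot, and the assertion is reused as a stand-in ID token only because its aud matches the configured audience.

```php
<?php
// Added example, not from the google/auth project. Endpoint, issuer, scope
// and key material below are constructed placeholders.
require __DIR__ . '/vendor/autoload.php';

use Google\Auth\OAuth2;

// Throwaway RSA key pair standing in for a service-account key (constructed).
$pair = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];

$oauth = new OAuth2([
    'tokenCredentialUri' => 'https://auth.example.test/token', // placeholder
    'issuer'     => 'svc-account@example.test',                // placeholder
    'audience'   => 'https://auth.example.test/token',
    'scope'      => ['read:reports'],  // request only what the job needs
    'expiry'     => 300,               // shorter than DEFAULT_EXPIRY_SECONDS
    'signingKey' => $privatePem,
]);
$oauth->setSigningAlgorithm('RS256');

// With issuer and signingKey set, the instance infers the JWT bearer grant.
var_dump($oauth->getGrantType() === OAuth2::JWT_URN);

// Build the signed assertion locally; no network call is made here.
$jwt = $oauth->toJwt();

/** Decode one base64url JWT segment into an array (inspection only). */
function jwtSegment(string $segment): array
{
    return json_decode(base64_decode(strtr($segment, '-_', '+/')), true);
}

// Inspect the header and the claims the assertion carries.
[$header, $payload, $signature] = explode('.', $jwt);
print_r(jwtSegment($header));
print_r(jwtSegment($payload));

// verifyIdToken(): pass the public key and a one-entry algorithm allow-list.
$oauth->setIdToken($jwt);
$claims = $oauth->verifyIdToken($publicPem, ['RS256']);
echo "verified aud: {$claims->aud}\n";

// A token whose payload was altered after signing must fail verification.
$altered = jwtSegment($payload);
$altered['scope'] = 'admin';
$alteredSegment = rtrim(strtr(base64_encode(json_encode($altered)), '+/', '-_'), '=');
$oauth->setIdToken("$header.$alteredSegment.$signature");
try {
    $oauth->verifyIdToken($publicPem, ['RS256']);
    echo "altered token accepted (unexpected)\n";
} catch (\Exception $e) {
    echo 'altered token rejected: ', get_class($e), "\n";
}
```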
Properties
    private $accessToken

    The current access token.

    • var string
    private $additionalClaims

    When using the toJwt function, these claims will be added to the JWT payload.

    private $audience

    The target audience for assertions.

    • var string
    private $authorizationUri

    The authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.

    • var UriInterface
    private $clientId

    A unique identifier issued to the client to identify itself to the authorization server.

    • var string
    private $clientSecret

    A shared symmetric secret issued by the authorization server, which is used to authenticate the client.

    • var string
    private $code

    The authorization code issued to this client.

    Only used by the authorization code access grant type.

    • var string
    private $expiresAt

    The expiration time of the access token as a number of seconds since the unix epoch.

    • var int
    private $expiresIn

    The lifetime in seconds of the current access token.

    • var int
    private $expiry

    The number of seconds assertions are valid for.

    • var int
    private $extensionParams

    When using an extension grant type, this is the set of parameters used by that extension.

    private $grantType

    The current grant type.

    • var string
    private $idToken

    The current ID token.

    • var string
    private $issuedAt

    The issue time of the access token as a number of seconds since the unix epoch.

    • var int
    private $issuer

    The issuer ID when using assertion profile.

    • var string
    private $password

    The resource owner's password.

    • var string
    private $redirectUri

    The redirection URI used in the initial request.

    • var string
    private $refreshToken

    The refresh token associated with the access token to be refreshed.

    • var string
    private $scope

    The scope of the access request, expressed either as an Array or as a space-delimited string.

    • var string
    private $signingAlgorithm

    The signing algorithm when using an assertion profile.

    • var string
    private $signingKey

    The signing key when using assertion profile.

    • var string
    private $state

    An arbitrary string designed to allow the client to maintain state.

    • var string
    private $sub

    The target sub when issuing assertions.

    • var string
    private $tokenCredentialUri

    The authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

    • var UriInterface
    private $username

    The resource owner's username.

    • var string
Methods
    private addClientCredentials($params)

    • return array
    private coerceUri($uri)

    • todo handle uri as array
    • return null|\UriInterface
    private isAbsoluteUri($uri)

    Determines if the URI is absolute based on its scheme and host or path (RFC 3986).

    • return bool
    private jwtDecode($idToken, $publicKey, $allowedAlgs)

    • return object
    private jwtEncode($assertion, $signingKey, $signingAlgorithm)
© 2020 Bruce Wells