public function testSuccedsIfNoDefaultFilesButIsOnGCE()
{
$client = new Client();
// simulate the response from GCE.
$wantedTokens = ['access_token' => '1/abdef1234567890', 'expires_in' => '57', 'token_type' => 'Bearer'];
$jsonTokens = json_encode($wantedTokens);
$plugin = new Mock([new Response(200, [GCECredentials::FLAVOR_HEADER => 'Google']), new Response(200, [], Stream::factory($jsonTokens))]);
$client->getEmitter()->attach($plugin);
$this->assertNotNull(ApplicationDefaultCredentials::getFetcher('a scope', $client));
}
/**
* Adds auth listeners to the HTTP client based on the credentials
* set in the Google API Client object
*
* @param GuzzleHttp\ClientInterface $http the http client object.
* @param GuzzleHttp\ClientInterface $authHttp an http client for authentication.
* @return void
*/
public function authorize(ClientInterface $http, ClientInterface $authHttp = null)
{
$subscriber = null;
$authIdentifier = null;
// if we end up needing to make an HTTP request to retrieve credentials, we
// can use our existing one, but we need to throw exceptions so the error
// bubbles up.
$authHttp = $authHttp ?: $this->createDefaultAuthHttpClient($http);
// These conditionals represent the decision tree for authentication
// 1. Check for Application Default Credentials
// 2. Check for API Key
// 3a. Check for an Access Token
// 3b. If access token exists but is expired, try to refresh it
if ($this->config->get('use_application_default_credentials')) {
$scopes = $this->prepareScopes();
if ($sub = $this->config->get('subject')) {
// for service account domain-wide authority (impersonating a user)
// @see https://developers.google.com/identity/protocols/OAuth2ServiceAccount
if (!($creds = CredentialsLoader::fromEnv($scopes))) {
$creds = CredentialsLoader::fromWellKnownFile($scopes);
}
if (!$creds instanceof ServiceAccountCredentials) {
throw new DomainException('domain-wide authority requires service account credentials');
}
$creds->setSub($sub);
$subscriber = new AuthTokenFetcher($creds, array(), $this->cache, $authHttp);
} else {
$subscriber = ApplicationDefaultCredentials::getFetcher($scopes, $authHttp, array(), $this->cache);
}
$authIdentifier = 'google_auth';
} elseif ($key = $this->config->get('developer_key')) {
// if a developer key is set, authorize using that
$subscriber = new Simple(['key' => $key]);
$authIdentifier = 'simple';
} elseif ($token = $this->getAccessToken()) {
$scopes = $this->prepareScopes();
// add refresh subscriber to request a new token
if ($this->isAccessTokenExpired() && isset($token['refresh_token'])) {
$subscriber = $this->createUserRefreshCredentials($scopes, $token['refresh_token'], $authHttp);
$authIdentifier = 'google_auth';
} else {
$subscriber = new ScopedAccessToken(function ($scopes) use($token) {
return $token['access_token'];
}, (array) $scopes, []);
$authIdentifier = 'scoped';
}
}
if ($subscriber) {
$http->setDefaultOption('auth', $authIdentifier);
$http->getEmitter()->attach($subscriber);
$this->getLogger()->log('info', sprintf('Added listener for auth type "%s"', $authIdentifier));
}
return $http;
}
