/**
 * Checks that ApplicationDefaultCredentials::getFetcher() returns a fetcher
 * when the HTTP client answers with the two queued mock responses below.
 *
 * NOTE(review): the test name implies that no credentials environment variable
 * or well-known credentials file is present. That precondition is not set up in
 * this method, so confirm it is handled elsewhere (e.g. setUp) or the test may
 * pass for the wrong reason on a developer machine that has credentials.
 */
public function testSuccedsIfNoDefaultFilesButIsOnGCE()
{
    // Fixture token payload standing in for the response from GCE.
    $tokenPayload = json_encode([
        'access_token' => '1/abdef1234567890',
        'expires_in' => '57',
        'token_type' => 'Bearer',
    ]);

    // Responses are consumed in order: the first only carries the flavor
    // header, the second carries the token JSON as its body.
    $queuedResponses = new Mock([
        new Response(200, [GCECredentials::FLAVOR_HEADER => 'Google']),
        new Response(200, [], Stream::factory($tokenPayload)),
    ]);

    $httpClient = new Client();
    $httpClient->getEmitter()->attach($queuedResponses);

    // Only non-null is asserted; the fetched token contents are not checked here.
    $fetcher = ApplicationDefaultCredentials::getFetcher('a scope', $httpClient);
    $this->assertNotNull($fetcher);
}
/**
 * Attaches the auth listener that matches this client's configuration to the
 * given HTTP client.
 *
 * Exactly one mechanism is chosen, in this order of precedence:
 *   1. Application Default Credentials (optionally impersonating 'subject')
 *   2. API key ('developer_key')
 *   3. Access token, via refresh credentials when it is expired and a refresh
 *      token is available, otherwise used as-is
 * If none applies, $http is returned with no listener attached.
 *
 * @param GuzzleHttp\ClientInterface $http the http client object.
 * @param GuzzleHttp\ClientInterface $authHttp an http client for authentication.
 * @return GuzzleHttp\ClientInterface the same $http instance that was passed in.
 * @throws DomainException when 'subject' is configured but the loaded
 *                         credentials are not service account credentials.
 */
public function authorize(ClientInterface $http, ClientInterface $authHttp = null)
{
    // Fetching credentials may itself need HTTP. Without a dedicated client we
    // derive one from $http; it has to throw on failure so that credential
    // errors bubble up to the caller.
    if (!$authHttp) {
        $authHttp = $this->createDefaultAuthHttpClient($http);
    }

    $listener = null;
    $authType = null;

    if ($this->config->get('use_application_default_credentials')) {
        // 1. Application Default Credentials
        $scopes = $this->prepareScopes();
        $impersonatedUser = $this->config->get('subject');

        if ($impersonatedUser) {
            // for service account domain-wide authority (impersonating a user)
            // @see https://developers.google.com/identity/protocols/OAuth2ServiceAccount
            // NOTE(review): 'subject' decides which user the service account acts
            // as, so it should come from trusted configuration only - confirm
            // how callers populate it.
            $credentials = CredentialsLoader::fromEnv($scopes);
            if (!$credentials) {
                $credentials = CredentialsLoader::fromWellKnownFile($scopes);
            }

            // Also rejects the case where neither source produced credentials.
            if (!($credentials instanceof ServiceAccountCredentials)) {
                throw new DomainException('domain-wide authority requires service account credentials');
            }

            $credentials->setSub($impersonatedUser);
            $listener = new AuthTokenFetcher($credentials, [], $this->cache, $authHttp);
        } else {
            $listener = ApplicationDefaultCredentials::getFetcher($scopes, $authHttp, [], $this->cache);
        }

        $authType = 'google_auth';
    } else {
        $apiKey = $this->config->get('developer_key');

        if ($apiKey) {
            // 2. API key: if a developer key is set, authorize using that
            $listener = new Simple(['key' => $apiKey]);
            $authType = 'simple';
        } else {
            $token = $this->getAccessToken();

            if ($token) {
                // 3. Access token
                $scopes = $this->prepareScopes();
                $refreshable = $this->isAccessTokenExpired() && isset($token['refresh_token']);

                if ($refreshable) {
                    // 3b. expired, but a refresh token lets us request a new one
                    $listener = $this->createUserRefreshCredentials(
                        $scopes,
                        $token['refresh_token'],
                        $authHttp
                    );
                    $authType = 'google_auth';
                } else {
                    // 3a. use the stored access token unchanged. This branch is
                    // also taken for an expired token that has no refresh token,
                    // so an expired token can still be attached to requests.
                    $listener = new ScopedAccessToken(
                        function ($scopes) use ($token) {
                            return $token['access_token'];
                        },
                        (array) $scopes,
                        []
                    );
                    $authType = 'scoped';
                }
            }
        }
    }

    // Nothing configured: hand the client back untouched.
    if (!$listener) {
        return $http;
    }

    $http->setDefaultOption('auth', $authType);
    $http->getEmitter()->attach($listener);

    // Only the auth type label is logged; keys and tokens are never written here.
    $this->getLogger()->log('info', sprintf('Added listener for auth type "%s"', $authType));

    return $http;
}