public function testSuccedsIfNoDefaultFilesButIsOnGCE()
{
$wantedTokens = ['access_token' => '1/abdef1234567890', 'expires_in' => '57', 'token_type' => 'Bearer'];
$jsonTokens = json_encode($wantedTokens);
// simulate the response from GCE.
$httpHandler = getHandler([buildResponse(200, [GCECredentials::FLAVOR_HEADER => 'Google']), buildResponse(200, [], Psr7\stream_for($jsonTokens))]);
$this->assertNotNull(ApplicationDefaultCredentials::getCredentials('a scope', $httpHandler));
}
public function testSuccedsIfNoDefaultFilesButIsOnGCE()
{
$client = new Client();
// simulate the response from GCE.
$wantedTokens = ['access_token' => '1/abdef1234567890', 'expires_in' => '57', 'token_type' => 'Bearer'];
$jsonTokens = json_encode($wantedTokens);
$plugin = new Mock([new Response(200, [GCECredentials::FLAVOR_HEADER => 'Google']), new Response(200, [], Stream::factory($jsonTokens))]);
$client->getEmitter()->attach($plugin);
$this->assertNotNull(ApplicationDefaultCredentials::getCredentials('a scope', $client));
}
/**
* @return array
*/
protected static function getToken()
{
if (isset(static::$token)) {
return static::$token;
}
// specify the path to your application credentials
if (!getenv('GOOGLE_APPLICATION_CREDENTIALS')) {
putenv('GOOGLE_APPLICATION_CREDENTIALS=Bloomon-62a712b0d88d.json');
}
// define the scopes for your API call
$scopes = ['https://spreadsheets.google.com/feeds'];
$credentials = ApplicationDefaultCredentials::getCredentials($scopes);
return static::$token = $credentials->fetchAuthToken();
}
function getToken()
{
// specify the path to your application credentials
if (!getenv('GOOGLE_APPLICATION_CREDENTIALS')) {
putenv('GOOGLE_APPLICATION_CREDENTIALS=Bloomon-62a712b0d88d.json');
}
// define the scopes for your API call
$scopes = ['https://spreadsheets.google.com/feeds'];
// create the HTTP client
$client = new Client(['base_url' => 'https://www.googleapis.com', 'defaults' => ['auth' => 'google_auth']]);
$credentials = ApplicationDefaultCredentials::getCredentials($scopes);
$token = $credentials->fetchAuthToken();
return $token;
}
public function testSucceedIfFileIsPresent()
{
putenv('HOME=' . __DIR__ . '/fixtures');
$this->assertNotNull(ApplicationDefaultCredentials::getCredentials('a scope'));
}
function updateAuthMetadataCallback($context)
{
$authUri = $context->service_url;
$methodName = $context->method_name;
$auth_credentials = ApplicationDefaultCredentials::getCredentials();
return $auth_credentials->updateMetadata($metadata = [], $authUri);
}
/**
* Run the per_rpc_creds auth test.
* @param $stub Stub object that has service methods
* @param $args array command line args
*/
function perRpcCreds($stub, $args)
{
$jsonKey = json_decode(file_get_contents(getenv(CredentialsLoader::ENV_VAR)), true);
$auth_credentials = ApplicationDefaultCredentials::getCredentials($args['oauth_scope']);
$token = $auth_credentials->fetchAuthToken();
$metadata = array(CredentialsLoader::AUTH_METADATA_KEY => array(sprintf("%s %s", $token['token_type'], $token['access_token'])));
$result = performLargeUnary($stub, $fillUsername = true, $fillOauthScope = true, $metadata);
hardAssert($result->getUsername() == $jsonKey['client_email'], 'invalid email returned');
}
private function createApplicationDefaultCredentials()
{
$scopes = $this->prepareScopes();
$sub = $this->config['subject'];
$signingKey = $this->config['signing_key'];
// create credentials using values supplied in setAuthConfig
if ($signingKey) {
$serviceAccountCredentials = array('client_id' => $this->config['client_id'], 'client_email' => $this->config['client_email'], 'private_key' => $signingKey, 'type' => 'service_account');
$keyStream = Psr7\stream_for(json_encode($serviceAccountCredentials));
$credentials = CredentialsLoader::makeCredentials($scopes, $keyStream);
} else {
$credentials = ApplicationDefaultCredentials::getCredentials($scopes);
}
// for service account domain-wide authority (impersonating a user)
// @see https://developers.google.com/identity/protocols/OAuth2ServiceAccount
if ($sub) {
if (!$credentials instanceof ServiceAccountCredentials) {
throw new DomainException('domain-wide authority requires service account credentials');
}
$credentials->setSub($sub);
}
return $credentials;
}
function _makeStub($args)
{
if (!array_key_exists('server_host', $args)) {
throw new Exception('Missing argument: --server_host is required');
}
if (!array_key_exists('server_port', $args)) {
throw new Exception('Missing argument: --server_port is required');
}
if (!array_key_exists('test_case', $args)) {
throw new Exception('Missing argument: --test_case is required');
}
if ($args['server_port'] == 443) {
$server_address = $args['server_host'];
} else {
$server_address = $args['server_host'] . ':' . $args['server_port'];
}
$test_case = $args['test_case'];
$host_override = 'foo.test.google.fr';
if (array_key_exists('server_host_override', $args)) {
$host_override = $args['server_host_override'];
}
$use_tls = false;
if (array_key_exists('use_tls', $args) && $args['use_tls'] != 'false') {
$use_tls = true;
}
$use_test_ca = false;
if (array_key_exists('use_test_ca', $args) && $args['use_test_ca'] != 'false') {
$use_test_ca = true;
}
$opts = [];
if ($use_tls) {
if ($use_test_ca) {
$ssl_credentials = Grpc\ChannelCredentials::createSsl(file_get_contents(dirname(__FILE__) . '/../data/ca.pem'));
} else {
$ssl_credentials = Grpc\ChannelCredentials::createSsl();
}
$opts['credentials'] = $ssl_credentials;
$opts['grpc.ssl_target_name_override'] = $host_override;
} else {
$opts['credentials'] = Grpc\ChannelCredentials::createInsecure();
}
if (in_array($test_case, ['service_account_creds', 'compute_engine_creds', 'jwt_token_creds'])) {
if ($test_case == 'jwt_token_creds') {
$auth_credentials = ApplicationDefaultCredentials::getCredentials();
} else {
$auth_credentials = ApplicationDefaultCredentials::getCredentials($args['oauth_scope']);
}
$opts['update_metadata'] = $auth_credentials->getUpdateMetadataFunc();
}
if ($test_case == 'oauth2_auth_token') {
$auth_credentials = ApplicationDefaultCredentials::getCredentials($args['oauth_scope']);
$token = $auth_credentials->fetchAuthToken();
$update_metadata = function ($metadata, $authUri = null, ClientInterface $client = null) use($token) {
$metadata_copy = $metadata;
$metadata_copy[CredentialsLoader::AUTH_METADATA_KEY] = [sprintf('%s %s', $token['token_type'], $token['access_token'])];
return $metadata_copy;
};
$opts['update_metadata'] = $update_metadata;
}
if ($test_case == 'unimplemented_method') {
$stub = new grpc\testing\UnimplementedServiceClient($server_address, $opts);
} else {
$stub = new grpc\testing\TestServiceClient($server_address, $opts);
}
return $stub;
}
public function testAppEngineFlexible()
{
$_SERVER['SERVER_SOFTWARE'] = 'Google App Engine';
$_SERVER['GAE_VM'] = 'true';
$httpHandler = getHandler([buildResponse(200, [GCECredentials::FLAVOR_HEADER => 'Google'])]);
$this->assertInstanceOf('Google\\Auth\\Credentials\\GCECredentials', ApplicationDefaultCredentials::getCredentials(null, $httpHandler));
}
/**
* Gets the credentials fetcher and sets up caching. Precedence begins with
* user supplied credentials fetcher instance, followed by a reference to a
* key file stream, and finally the application default credentials.
*
* @return FetchAuthTokenInterface
*/
public function getCredentialsFetcher()
{
$fetcher = null;
if ($this->credentialsFetcher) {
$fetcher = $this->credentialsFetcher;
} elseif ($this->keyFile) {
$fetcher = CredentialsLoader::makeCredentials($this->scopes, $this->keyFile);
} else {
$fetcher = ApplicationDefaultCredentials::getCredentials($this->scopes, $this->authHttpHandler);
}
return new FetchAuthTokenCache($fetcher, $this->authCacheOptions, $this->authCache);
}
<?php
require_once __DIR__ . '/../vendor/autoload.php';
use Google\Auth\ApplicationDefaultCredentials;
$auth_credentials = ApplicationDefaultCredentials::getCredentials(['https://www.googleapis.com/auth/pubsub']);
$channel_credentials = Grpc\ChannelCredentials::createSsl(file_get_contents(__DIR__ . '/../vendor/grpc/grpc/etc/roots.pem'));
$opts = ['credentials' => $channel_credentials, 'grpc.ssl_target_name_override' => 'pubsub.googleapis.com'];
$client = new google\pubsub\v1\PublisherClient('pubsub.googleapis.com', $opts);
$deadline = Grpc\Timeval::InfFuture();
$req = new google\pubsub\v1\ListTopicsRequest();
$proj = getenv('GAE_LONG_APP_ID');
$req->setProject('projects/' . $proj);
$call = $client->ListTopics($req, [], ['call_credentials_callback' => function ($context) use($auth_credentials) {
return $auth_credentials->updateMetadata([], $context->service_url);
}]);
list($response, $status) = $call->wait();
if ($status->code != 0) {
echo 'gRPC to PubSub failed, printing RPC status:<br>';
print_r($status);
exit(1);
}
foreach ($response->getTopics() as $topic) {
echo $topic->getName() . '<br>';
}
/**
* Gets the credentials fetcher. Precedence begins with user supplied
* credentials fetcher instance, followed by a reference to a key file
* stream, and finally the application default credentials.
*
* @return FetchAuthTokenInterface
*/
public function getCredentialsFetcher()
{
if ($this->credentialsFetcher) {
return $this->credentialsFetcher;
}
if ($this->keyFile) {
return CredentialsLoader::makeCredentials($this->scopes, $this->keyFile);
}
return ApplicationDefaultCredentials::getCredentials($this->scopes, $this->authHttpHandler);
}
