private function createApplicationDefaultCredentials()
{
$scopes = $this->prepareScopes();
$sub = $this->config['subject'];
$signingKey = $this->config['signing_key'];
// create credentials using values supplied in setAuthConfig
if ($signingKey) {
$serviceAccountCredentials = array('client_id' => $this->config['client_id'], 'client_email' => $this->config['client_email'], 'private_key' => $signingKey, 'type' => 'service_account');
$keyStream = Psr7\stream_for(json_encode($serviceAccountCredentials));
$credentials = CredentialsLoader::makeCredentials($scopes, $keyStream);
} else {
$credentials = ApplicationDefaultCredentials::getCredentials($scopes);
}
// for service account domain-wide authority (impersonating a user)
// @see https://developers.google.com/identity/protocols/OAuth2ServiceAccount
if ($sub) {
if (!$credentials instanceof ServiceAccountCredentials) {
throw new DomainException('domain-wide authority requires service account credentials');
}
$credentials->setSub($sub);
}
return $credentials;
}
/**
* Gets the credentials fetcher and sets up caching. Precedence begins with
* user supplied credentials fetcher instance, followed by a reference to a
* key file stream, and finally the application default credentials.
*
* @return FetchAuthTokenInterface
*/
public function getCredentialsFetcher()
{
$fetcher = null;
if ($this->credentialsFetcher) {
$fetcher = $this->credentialsFetcher;
} elseif ($this->keyFile) {
$fetcher = CredentialsLoader::makeCredentials($this->scopes, $this->keyFile);
} else {
$fetcher = ApplicationDefaultCredentials::getCredentials($this->scopes, $this->authHttpHandler);
}
return new FetchAuthTokenCache($fetcher, $this->authCacheOptions, $this->authCache);
}
/**
* Obtains the default FetchAuthTokenInterface implementation to use
* in this environment.
*
* If supplied, $scope is used to in creating the credentials instance if
* this does not fallback to the Compute Engine defaults.
*
* @param string|array scope the scope of the access request, expressed
* either as an Array or as a space-delimited String.
* @param callable $httpHandler callback which delivers psr7 request
* @param array $cacheConfig configuration for the cache when it's present
* @param CacheItemPoolInterface $cache
*
* @return CredentialsLoader
*
* @throws DomainException if no implementation can be obtained.
*/
public static function getCredentials($scope = null, callable $httpHandler = null, array $cacheConfig = null, CacheItemPoolInterface $cache = null)
{
$creds = null;
$jsonKey = CredentialsLoader::fromEnv() ?: CredentialsLoader::fromWellKnownFile();
if (!is_null($jsonKey)) {
$creds = CredentialsLoader::makeCredentials($scope, $jsonKey);
}
if (AppIdentityCredentials::onAppEngine() && !GCECredentials::onAppEngineFlexible()) {
$creds = new AppIdentityCredentials($scope);
}
if (GCECredentials::onGce($httpHandler)) {
$creds = new GCECredentials();
}
if (is_null($creds)) {
throw new \DomainException(self::notFound());
}
if (!is_null($cache)) {
$creds = new FetchAuthTokenCache($creds, $cacheConfig, $cache);
}
return $creds;
}
/**
* Gets the credentials fetcher. Precedence begins with user supplied
* credentials fetcher instance, followed by a reference to a key file
* stream, and finally the application default credentials.
*
* @return FetchAuthTokenInterface
*/
public function getCredentialsFetcher()
{
if ($this->credentialsFetcher) {
return $this->credentialsFetcher;
}
if ($this->keyFile) {
return CredentialsLoader::makeCredentials($this->scopes, $this->keyFile);
}
return ApplicationDefaultCredentials::getCredentials($this->scopes, $this->authHttpHandler);
}
