private function createApplicationDefaultCredentials() { $scopes = $this->prepareScopes(); $sub = $this->config['subject']; $signingKey = $this->config['signing_key']; // create credentials using values supplied in setAuthConfig if ($signingKey) { $serviceAccountCredentials = array('client_id' => $this->config['client_id'], 'client_email' => $this->config['client_email'], 'private_key' => $signingKey, 'type' => 'service_account'); $keyStream = Psr7\stream_for(json_encode($serviceAccountCredentials)); $credentials = CredentialsLoader::makeCredentials($scopes, $keyStream); } else { $credentials = ApplicationDefaultCredentials::getCredentials($scopes); } // for service account domain-wide authority (impersonating a user) // @see https://developers.google.com/identity/protocols/OAuth2ServiceAccount if ($sub) { if (!$credentials instanceof ServiceAccountCredentials) { throw new DomainException('domain-wide authority requires service account credentials'); } $credentials->setSub($sub); } return $credentials; }
/** * Gets the credentials fetcher and sets up caching. Precedence begins with * user supplied credentials fetcher instance, followed by a reference to a * key file stream, and finally the application default credentials. * * @return FetchAuthTokenInterface */ public function getCredentialsFetcher() { $fetcher = null; if ($this->credentialsFetcher) { $fetcher = $this->credentialsFetcher; } elseif ($this->keyFile) { $fetcher = CredentialsLoader::makeCredentials($this->scopes, $this->keyFile); } else { $fetcher = ApplicationDefaultCredentials::getCredentials($this->scopes, $this->authHttpHandler); } return new FetchAuthTokenCache($fetcher, $this->authCacheOptions, $this->authCache); }
/** * Obtains the default FetchAuthTokenInterface implementation to use * in this environment. * * If supplied, $scope is used to in creating the credentials instance if * this does not fallback to the Compute Engine defaults. * * @param string|array scope the scope of the access request, expressed * either as an Array or as a space-delimited String. * @param callable $httpHandler callback which delivers psr7 request * @param array $cacheConfig configuration for the cache when it's present * @param CacheItemPoolInterface $cache * * @return CredentialsLoader * * @throws DomainException if no implementation can be obtained. */ public static function getCredentials($scope = null, callable $httpHandler = null, array $cacheConfig = null, CacheItemPoolInterface $cache = null) { $creds = null; $jsonKey = CredentialsLoader::fromEnv() ?: CredentialsLoader::fromWellKnownFile(); if (!is_null($jsonKey)) { $creds = CredentialsLoader::makeCredentials($scope, $jsonKey); } if (AppIdentityCredentials::onAppEngine() && !GCECredentials::onAppEngineFlexible()) { $creds = new AppIdentityCredentials($scope); } if (GCECredentials::onGce($httpHandler)) { $creds = new GCECredentials(); } if (is_null($creds)) { throw new \DomainException(self::notFound()); } if (!is_null($cache)) { $creds = new FetchAuthTokenCache($creds, $cacheConfig, $cache); } return $creds; }
/** * Gets the credentials fetcher. Precedence begins with user supplied * credentials fetcher instance, followed by a reference to a key file * stream, and finally the application default credentials. * * @return FetchAuthTokenInterface */ public function getCredentialsFetcher() { if ($this->credentialsFetcher) { return $this->credentialsFetcher; } if ($this->keyFile) { return CredentialsLoader::makeCredentials($this->scopes, $this->keyFile); } return ApplicationDefaultCredentials::getCredentials($this->scopes, $this->authHttpHandler); }