push($middleware); * * $client = new Client([ * 'handler' => $stack, * 'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', * 'auth' => 'google_auth' // authorize all requests * ]); * * $res = $client->get('myproject/taskqueues/myqueue'); * ``` */ class ApplicationDefaultCredentials { /** * @deprecated * * Obtains an AuthTokenSubscriber that uses the default FetchAuthTokenInterface * implementation to use in this environment. * * If supplied, $scope is used to in creating the credentials instance if * this does not fallback to the compute engine defaults. * * @param string|string[] $scope the scope of the access request, expressed * either as an Array or as a space-delimited String. * @param callable $httpHandler callback which delivers psr7 request * @param array $cacheConfig configuration for the cache when it's present * @param CacheItemPoolInterface $cache A cache implementation, may be * provided if you have one already available for use. * @return AuthTokenSubscriber * @throws DomainException if no implementation can be obtained. */ public static function getSubscriber(// @phpstan-ignore-line $scope = null, callable $httpHandler = null, array $cacheConfig = null, CacheItemPoolInterface $cache = null ) { $creds = self::getCredentials($scope, $httpHandler, $cacheConfig, $cache); /** @phpstan-ignore-next-line */ return new AuthTokenSubscriber($creds, $httpHandler); } /** * Obtains an AuthTokenMiddleware that uses the default FetchAuthTokenInterface * implementation to use in this environment. * * If supplied, $scope is used to in creating the credentials instance if * this does not fallback to the compute engine defaults. * * @param string|string[] $scope the scope of the access request, expressed * either as an Array or as a space-delimited String. * @param callable $httpHandler callback which delivers psr7 request * @param array $cacheConfig configuration for the cache when it's present * @param CacheItemPoolInterface $cache A cache implementation, may be * provided if you have one already available for use. * @param string $quotaProject specifies a project to bill for access * charges associated with the request. * @return AuthTokenMiddleware * @throws DomainException if no implementation can be obtained. */ public static function getMiddleware( $scope = null, callable $httpHandler = null, array $cacheConfig = null, CacheItemPoolInterface $cache = null, $quotaProject = null ) { $creds = self::getCredentials($scope, $httpHandler, $cacheConfig, $cache, $quotaProject); return new AuthTokenMiddleware($creds, $httpHandler); } /** * Obtains the default FetchAuthTokenInterface implementation to use * in this environment. * * @param string|string[] $scope the scope of the access request, expressed * either as an Array or as a space-delimited String. * @param callable $httpHandler callback which delivers psr7 request * @param array $cacheConfig configuration for the cache when it's present * @param CacheItemPoolInterface $cache A cache implementation, may be * provided if you have one already available for use. * @param string $quotaProject specifies a project to bill for access * charges associated with the request. * @param string|string[] $defaultScope The default scope to use if no * user-defined scopes exist, expressed either as an Array or as a * space-delimited string. * * @return FetchAuthTokenInterface * @throws DomainException if no implementation can be obtained. */ public static function getCredentials( $scope = null, callable $httpHandler = null, array $cacheConfig = null, CacheItemPoolInterface $cache = null, $quotaProject = null, $defaultScope = null ) { $creds = null; $jsonKey = CredentialsLoader::fromEnv() ?: CredentialsLoader::fromWellKnownFile(); $anyScope = $scope ?: $defaultScope; if (!$httpHandler) { if (!($client = HttpClientCache::getHttpClient())) { $client = new Client(); HttpClientCache::setHttpClient($client); } $httpHandler = HttpHandlerFactory::build($client); } if (!is_null($jsonKey)) { if ($quotaProject) { $jsonKey['quota_project_id'] = $quotaProject; } $creds = CredentialsLoader::makeCredentials( $scope, $jsonKey, $defaultScope ); } elseif (AppIdentityCredentials::onAppEngine() && !GCECredentials::onAppEngineFlexible()) { $creds = new AppIdentityCredentials($anyScope); } elseif (self::onGce($httpHandler, $cacheConfig, $cache)) { $creds = new GCECredentials(null, $anyScope, null, $quotaProject); } if (is_null($creds)) { throw new DomainException(self::notFound()); } if (!is_null($cache)) { $creds = new FetchAuthTokenCache($creds, $cacheConfig, $cache); } return $creds; } /** * Obtains an AuthTokenMiddleware which will fetch an ID token to use in the * Authorization header. The middleware is configured with the default * FetchAuthTokenInterface implementation to use in this environment. * * If supplied, $targetAudience is used to set the "aud" on the resulting * ID token. * * @param string $targetAudience The audience for the ID token. * @param callable $httpHandler callback which delivers psr7 request * @param array $cacheConfig configuration for the cache when it's present * @param CacheItemPoolInterface $cache A cache implementation, may be * provided if you have one already available for use. * @return AuthTokenMiddleware * @throws DomainException if no implementation can be obtained. */ public static function getIdTokenMiddleware( $targetAudience, callable $httpHandler = null, array $cacheConfig = null, CacheItemPoolInterface $cache = null ) { $creds = self::getIdTokenCredentials($targetAudience, $httpHandler, $cacheConfig, $cache); return new AuthTokenMiddleware($creds, $httpHandler); } /** * Obtains an ProxyAuthTokenMiddleware which will fetch an ID token to use in the * Authorization header. The middleware is configured with the default * FetchAuthTokenInterface implementation to use in this environment. * * If supplied, $targetAudience is used to set the "aud" on the resulting * ID token. * * @param string $targetAudience The audience for the ID token. * @param callable $httpHandler callback which delivers psr7 request * @param array $cacheConfig configuration for the cache when it's present * @param CacheItemPoolInterface $cache A cache implementation, may be * provided if you have one already available for use. * @return ProxyAuthTokenMiddleware * @throws DomainException if no implementation can be obtained. */ public static function getProxyIdTokenMiddleware( $targetAudience, callable $httpHandler = null, array $cacheConfig = null, CacheItemPoolInterface $cache = null ) { $creds = self::getIdTokenCredentials($targetAudience, $httpHandler, $cacheConfig, $cache); return new ProxyAuthTokenMiddleware($creds, $httpHandler); } /** * Obtains the default FetchAuthTokenInterface implementation to use * in this environment, configured with a $targetAudience for fetching an ID * token. * * @param string $targetAudience The audience for the ID token. * @param callable $httpHandler callback which delivers psr7 request * @param array $cacheConfig configuration for the cache when it's present * @param CacheItemPoolInterface $cache A cache implementation, may be * provided if you have one already available for use. * @return FetchAuthTokenInterface * @throws DomainException if no implementation can be obtained. * @throws InvalidArgumentException if JSON "type" key is invalid */ public static function getIdTokenCredentials( $targetAudience, callable $httpHandler = null, array $cacheConfig = null, CacheItemPoolInterface $cache = null ) { $creds = null; $jsonKey = CredentialsLoader::fromEnv() ?: CredentialsLoader::fromWellKnownFile(); if (!$httpHandler) { if (!($client = HttpClientCache::getHttpClient())) { $client = new Client(); HttpClientCache::setHttpClient($client); } $httpHandler = HttpHandlerFactory::build($client); } if (!is_null($jsonKey)) { if (!array_key_exists('type', $jsonKey)) { throw new \InvalidArgumentException('json key is missing the type field'); } if ($jsonKey['type'] == 'authorized_user') { throw new InvalidArgumentException('ID tokens are not supported for end user credentials'); } if ($jsonKey['type'] != 'service_account') { throw new InvalidArgumentException('invalid value in the type field'); } $creds = new ServiceAccountCredentials(null, $jsonKey, null, $targetAudience); } elseif (self::onGce($httpHandler, $cacheConfig, $cache)) { $creds = new GCECredentials(null, null, $targetAudience); } if (is_null($creds)) { throw new DomainException(self::notFound()); } if (!is_null($cache)) { $creds = new FetchAuthTokenCache($creds, $cacheConfig, $cache); } return $creds; } /** * @return string */ private static function notFound() { $msg = 'Could not load the default credentials. Browse to '; $msg .= 'https://developers.google.com'; $msg .= '/accounts/docs/application-default-credentials'; $msg .= ' for more information'; return $msg; } /** * @param callable $httpHandler * @param array $cacheConfig * @param CacheItemPoolInterface $cache * @return bool */ private static function onGce( callable $httpHandler = null, array $cacheConfig = null, CacheItemPoolInterface $cache = null ) { $gceCacheConfig = []; foreach (['lifetime', 'prefix'] as $key) { if (isset($cacheConfig['gce_' . $key])) { $gceCacheConfig[$key] = $cacheConfig['gce_' . $key]; } } return (new GCECache($gceCacheConfig, $cache))->onGce($httpHandler); } }