PHP 5 has reached end of support and will be deprecated on January 31, 2026. After deprecation, you won't be able to deploy PHP 5 applications, even if your organization previously used an organization policy to re-enable deployments of legacy runtimes. Your existing PHP 5 applications will continue to run and receive traffic after their deprecation date. We recommend that you migrate to the latest supported version of PHP.

\google\appengine\api\app_identity\AppIdentityService

FINAL

The AppIdentityService allows you to sign arbitrary byte array using per app private key maintained by App Engine. You can also retrieve a list of public certificates which can be used to verify the signature.

App Engine is responsible for maintaining per-application private key. App Engine will keep rotating private keys periodically. App Engine never releases these private keys externally.

Since private keys are rotated periodically, getPublicCertificates() could return a list of public certificates. It's the caller's responsibility to try these certificates one by one when doing signature verification.

Constants

PACKAGE_NAME

PARTITION_SEPARATOR

DOMAIN_SEPARATOR

MEMCACHE_KEY_PREFIX

EXPIRY_SAFETY_MARGIN_SECS

EXPIRY_SHORT_MARGIN_SECS

Methods

signForApp

STATIC

signForApp(string $bytes_to_sign) : array

Signs arbitrary byte array using per app private key.

Parameters

Name Description

Name	Description
`$bytes_to_sign`	`string` The bytes to generate the signature for.

$bytes_to_sign

string

The bytes to generate the signature for.

Throws

\InvalidArgumentException

If $bytes_to_sign is not a string.

\google\appengine\api\app_identity\AppIdentityException

If there is an error using the AppIdentity service.

Returns

array

An array containing the elements 'key_name' - the name of the key used to sign the bytes 'signature' - the signature of the bytes.

getServiceAccountName

STATIC

getServiceAccountName() : string

Get the service account name for the application.

Throws

\google\appengine\api\app_identity\AppIdentityException

If there is an error using the AppIdentity service.

Returns

string

The service account name.

getPublicCertificates

STATIC

getPublicCertificates() : array<mixed,\google\appengine\api\app_identity\PublicCertificate>

Get the list of public certifates for the application.

Throws

\google\appengine\api\app_identity\AppIdentityException

If there is an error using the AppIdentity service.

Returns

array<mixed,\google\appengine\api\app_identity\PublicCertificate>

An array of the applications public certificates.

getAccessToken

STATIC

getAccessToken(array $scopes) : array

Gets an OAuth2 access token for the application's service account from the cache or generates and caches one by calling getAccessTokenUncached($scopes)

Each application has an associated Google account. This function returns OAuth2 access token corresponding to the running app. Access tokens are safe to cache and reuse until they expire.

Parameters

Name Description

Name	Description
`$scopes`	`array` The scopes to acquire the access token for. Can be either a single string or an array of strings.

$scopes

array

The scopes to acquire the access token for. Can be either a single string or an array of strings.

Throws

\InvalidArgumentException

If $scopes is not a string or an array of strings.

\google\appengine\api\app_identity\AppIdentityException

If there is an error using the AppIdentity service.

Returns

array

An array with the following key/value pairs. 'access_token' - The access token for the application. 'expiration_time' - The expiration time for the access token.

getApplicationId

STATIC

getApplicationId() : string

Get the application id of an app.

Returns

string

The application id of the app.

getDefaultVersionHostname

STATIC

getDefaultVersionHostname() : string

Get the standard hostname of the default version of the app.

Returns

string

The standard hostname of the default version of the application, or FALSE if the call failed.