Google Auth Library Client - Class ServiceAccountCredentials (1.45.2)

Reference documentation and code samples for the Google Auth Library Client class ServiceAccountCredentials.

ServiceAccountCredentials supports authorization using a Google service account.

(cf https://developers.google.com/accounts/docs/OAuth2ServiceAccount)

It's initialized using the JSON key file that's downloadable from the developer console, which should contain the private_key and client_email fields that it uses.

Use it with AuthTokenMiddleware to authorize HTTP requests:

use Google\Auth\Credentials\ServiceAccountCredentials;
use Google\Auth\Middleware\AuthTokenMiddleware;
use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;

$sa = new ServiceAccountCredentials(
    'https://www.googleapis.com/auth/taskqueue',
    '/path/to/your/json/key_file.json'
);
$middleware = new AuthTokenMiddleware($sa);
$stack = HandlerStack::create();
$stack->push($middleware);

$client = new Client([
    'handler' => $stack,
    'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/',
    'auth' => 'google_auth' // authorize all requests
]);

$res = $client->get('myproject/taskqueues/myqueue');

Namespace

Google \ Auth \ Credentials

Methods

__construct

Create a new ServiceAccountCredentials.

Parameters
Name Description
scope string|string[]|null

the scope of the access request, expressed either as an Array or as a space-delimited String.

jsonKey string|array

JSON credential file path or JSON credentials as an associative array

sub string

an email address account to impersonate, in situations when the service account has been delegated domain wide access.

targetAudience string

The audience for the ID token.
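The jsonKey parameter accepts an already decoded array, so the key file can be checked before the credentials object ever sees it. The following is an added example, not code from the library or its documentation: loadServiceAccountKey is a hypothetical helper, user@example.com is a constructed address, and a Composer autoloader at vendor/autoload.php and a POSIX file system are assumed.

```php
<?php
require 'vendor/autoload.php'; // assumption: library installed via Composer

use Google\Auth\Credentials\ServiceAccountCredentials;

/**
 * Hypothetical helper (not part of the library): load a service account key
 * file, rejecting it if group/other can access it or if the fields this
 * class relies on (private_key, client_email) are missing.
 */
function loadServiceAccountKey(string $path): array
{
    $mode = fileperms($path);
    if ($mode === false) {
        throw new RuntimeException("Cannot stat key file: $path");
    }
    // 0077 masks the group and other permission bits (POSIX only).
    if (($mode & 0077) !== 0) {
        throw new RuntimeException("Key file is accessible to group/other: $path");
    }
    $key = json_decode((string) file_get_contents($path), true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($key)) {
        throw new RuntimeException("Key file is not a JSON object: $path");
    }
    foreach (['private_key', 'client_email'] as $field) {
        if (empty($key[$field]) || !is_string($key[$field])) {
            throw new RuntimeException("Key file is missing '$field'");
        }
    }
    return $key;
}

$key = loadServiceAccountKey('/path/to/your/json/key_file.json');

// Request only the single scope this client needs; pass the key as an array.
$sa = new ServiceAccountCredentials(
    'https://www.googleapis.com/auth/taskqueue',
    $key
);
echo $sa->getClientName(), PHP_EOL; // client_email from the key
echo $sa->getCacheKey(), PHP_EOL;   // key for the service account's own tokens

// With domain-wide delegation, the impersonated user is part of the cache
// key, so its tokens are cached separately from the service account's own.
$sa->setSub('user@example.com'); // constructed address
echo $sa->getCacheKey(), PHP_EOL;
```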

useJwtAccessWithScope

When called, the ServiceAccountCredentials will use an instance of ServiceAccountJwtAccessCredentials to fetch (self-sign) an access token even when only scopes are supplied. Otherwise, ServiceAccountJwtAccessCredentials is only called when no scopes and an authUrl (audience) are supplied.

Returns
Type Description
void

fetchAuthToken

Fetches the auth tokens based on the current state.

Parameters
Name Description
httpHandler callable|null
headers array

[optional] Headers to be inserted into the token endpoint request present.

Returns
Type Description
array A set of auth-related metadata containing the following keys: access_token (string), expires_in (int), token_type (string).

getCacheKey

Return the Cache Key for the credentials.

The cache key format is one of the following:
ClientEmail.Scope[.Sub]
ClientEmail.Audience[.Sub]

Returns
Type Description
string

getLastReceivedToken

Returns an associative array with the token and expiration time.

Returns
Type Description
array

getProjectId

Get the project ID from the service account keyfile.

Returns null if the project ID does not exist in the keyfile.

Parameter
Name Description
httpHandler callable|null

Not used by this credentials type.

Returns
Type Description
string|null

updateMetadata

Updates metadata with the authorization token.

Parameters
Name Description
metadata array

metadata hashmap

authUri string

optional auth uri

httpHandler callable|null

callback which delivers a PSR-7 request

Returns
Type Description
array updated metadata hashmap

setSub

Parameter
Name Description
sub string

an email address account to impersonate, in situations when the service account has been delegated domain wide access.

Returns
Type Description
void

getClientName

Get the client name from the keyfile.

In this case, it returns the keyfile's client_email key.

Parameter
Name Description
httpHandler callable|null

Not used by this credentials type.

Returns
Type Description
string

getPrivateKey

Get the private key from the keyfile.

In this case, it returns the keyfile's private_key key, needed for JWT signing.

Returns
Type Description
string

getQuotaProject

Get the quota project used for this API request.

Returns
Type Description
string|null

getUniverseDomain

Get the universe domain configured in the JSON credential.

Returns
Type Description
string