Google Auth Library Client - Class CredentialsLoader (1.45.2)

Reference documentation and code samples for the Google Auth Library Client class CredentialsLoader.

CredentialsLoader contains the behaviour used to locate and find default credentials files on the file system.

Namespace

Google \ Auth

Methods

getUniverseDomain

Get the universe domain from the credential. Defaults to "googleapis.com" for all credential types which do not support universe domain.

Returns
Type Description
string

static::fromEnv

Load a JSON key from the path specified in the environment.

Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.

Returns
Type Description
array|null JSON key | null

static::fromWellKnownFile

Load a JSON key from a well known path.

The well known path is OS dependent:

  • windows: %APPDATA%/gcloud/application_default_credentials.json
  • others: $HOME/.config/gcloud/application_default_credentials.json

If the file does not exist, this returns null.

Returns
Type Description
array|null JSON key | null

static::makeCredentials

Create a new Credentials instance.

Important: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud Platform, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information https://cloud.google.com/docs/authentication/external/externally-sourced-credentials

Parameters
Name Description
scope string|string[]

the scope of the access request, expressed either as an Array or as a space-delimited String.

jsonKey array

the JSON credentials.

defaultScope string|string[]

The default scope to use if no user-defined scopes exist, expressed either as an Array or as a space-delimited string.

Returns
Type Description
Credentials\ServiceAccountCredentials|Credentials\UserRefreshCredentials|Credentials\ImpersonatedServiceAccountCredentials|Credentials\ExternalAccountCredentials

static::makeHttpClient

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

Parameters
Name Description
fetcher FetchAuthTokenInterface

is used to fetch the auth token

httpClientOptions array

(optional) Array of request options to apply.

httpHandler callable|null

(optional) http client to fetch the token.

tokenCallback callable|null

(optional) function to be called when a new token is fetched.

Returns
Type Description
GuzzleHttp\Client

static::makeInsecureCredentials

Create a new instance of InsecureCredentials.

Returns
Type Description
Credentials\InsecureCredentials

static::quotaProjectFromEnv

Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.

Returns
Type Description
string|null

static::getDefaultClientCertSource

Gets a callable which returns the default device certification.

Returns
Type Description
callable|null

static::shouldLoadClientCertSource

Determines whether or not the default device certificate should be loaded.

Returns
Type Description
bool

Constants

TOKEN_CREDENTIAL_URI

Value: 'https://oauth2.googleapis.com/token'

ENV_VAR

Value: 'GOOGLE_APPLICATION_CREDENTIALS'

QUOTA_PROJECT_ENV_VAR

Value: 'GOOGLE_CLOUD_QUOTA_PROJECT'

WELL_KNOWN_PATH

Value: 'gcloud/application_default_credentials.json'

NON_WINDOWS_WELL_KNOWN_PATH_BASE

Value: '.config'

MTLS_WELL_KNOWN_PATH

Value: '.secureConnect/context_aware_metadata.json'

MTLS_CERT_ENV_VAR

Value: 'GOOGLE_API_USE_CLIENT_CERTIFICATE'