Reference documentation and code samples for the Google Auth Library Client class CredentialsLoader.
CredentialsLoader contains the behaviour used to locate and find default credentials files on the file system.
Namespace
Google \ AuthMethods
getUniverseDomain
Get the universe domain from the credential. Defaults to "googleapis.com" for all credential types which do not support universe domain.
| Returns | |
|---|---|
| Type | Description |
string |
|
static::fromEnv
Load a JSON key from the path specified in the environment.
Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.
| Returns | |
|---|---|
| Type | Description |
array|null |
JSON key | null |
static::fromWellKnownFile
Load a JSON key from a well known path.
The well known path is OS dependent:
- windows: %APPDATA%/gcloud/application_default_credentials.json
- others: $HOME/.config/gcloud/application_default_credentials.json
If the file does not exist, this returns null.
| Returns | |
|---|---|
| Type | Description |
array|null |
JSON key | null |
static::makeCredentials
Create a new Credentials instance.
Important: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud Platform, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information https://cloud.google.com/docs/authentication/external/externally-sourced-credentials
| Parameters | |
|---|---|
| Name | Description |
scope |
string|string[]
the scope of the access request, expressed either as an Array or as a space-delimited String. |
jsonKey |
array
the JSON credentials. |
defaultScope |
string|string[]
The default scope to use if no user-defined scopes exist, expressed either as an Array or as a space-delimited string. |
| Returns | |
|---|---|
| Type | Description |
Credentials\ServiceAccountCredentials|Credentials\UserRefreshCredentials|Credentials\ImpersonatedServiceAccountCredentials|Credentials\ExternalAccountCredentials |
|
static::makeHttpClient
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
| Parameters | |
|---|---|
| Name | Description |
fetcher |
FetchAuthTokenInterface
is used to fetch the auth token |
httpClientOptions |
array
(optional) Array of request options to apply. |
httpHandler |
callable|null
(optional) http client to fetch the token. |
tokenCallback |
callable|null
(optional) function to be called when a new token is fetched. |
| Returns | |
|---|---|
| Type | Description |
GuzzleHttp\Client |
|
static::makeInsecureCredentials
Create a new instance of InsecureCredentials.
| Returns | |
|---|---|
| Type | Description |
Credentials\InsecureCredentials |
|
static::quotaProjectFromEnv
Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.
| Returns | |
|---|---|
| Type | Description |
string|null |
|
static::getDefaultClientCertSource
Gets a callable which returns the default device certification.
| Returns | |
|---|---|
| Type | Description |
callable|null |
|
static::shouldLoadClientCertSource
Determines whether or not the default device certificate should be loaded.
| Returns | |
|---|---|
| Type | Description |
bool |
|
Constants
TOKEN_CREDENTIAL_URI
Value: 'https://oauth2.googleapis.com/token'ENV_VAR
Value: 'GOOGLE_APPLICATION_CREDENTIALS'QUOTA_PROJECT_ENV_VAR
Value: 'GOOGLE_CLOUD_QUOTA_PROJECT'WELL_KNOWN_PATH
Value: 'gcloud/application_default_credentials.json'NON_WINDOWS_WELL_KNOWN_PATH_BASE
Value: '.config'MTLS_WELL_KNOWN_PATH
Value: '.secureConnect/context_aware_metadata.json'MTLS_CERT_ENV_VAR
Value: 'GOOGLE_API_USE_CLIENT_CERTIFICATE'