Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

Client.php

Last change on this file was e3d4e0a, checked in by Vlado 222039 <vlado.popovski@…>, 7 days ago
Upload project files
Property mode set to `100644`
File size: 44.2 KB

Line
1	<?php
2	/*
3	* Copyright 2010 Google Inc.
4	*
5	* Licensed under the Apache License, Version 2.0 (the "License");
6	* you may not use this file except in compliance with the License.
7	* You may obtain a copy of the License at
8	*
9	* http://www.apache.org/licenses/LICENSE-2.0
10	*
11	* Unless required by applicable law or agreed to in writing, software
12	* distributed under the License is distributed on an "AS IS" BASIS,
13	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14	* See the License for the specific language governing permissions and
15	* limitations under the License.
16	*/
17
18	namespace Google;
19
20	use BadMethodCallException;
21	use DomainException;
22	use Google\AccessToken\Revoke;
23	use Google\AccessToken\Verify;
24	use Google\Auth\ApplicationDefaultCredentials;
25	use Google\Auth\Cache\MemoryCacheItemPool;
26	use Google\Auth\Credentials\ServiceAccountCredentials;
27	use Google\Auth\Credentials\UserRefreshCredentials;
28	use Google\Auth\CredentialsLoader;
29	use Google\Auth\FetchAuthTokenCache;
30	use Google\Auth\GetUniverseDomainInterface;
31	use Google\Auth\HttpHandler\HttpHandlerFactory;
32	use Google\Auth\OAuth2;
33	use Google\AuthHandler\AuthHandlerFactory;
34	use Google\Http\REST;
35	use GuzzleHttp\Client as GuzzleClient;
36	use GuzzleHttp\ClientInterface;
37	use GuzzleHttp\Ring\Client\StreamHandler;
38	use InvalidArgumentException;
39	use LogicException;
40	use Monolog\Handler\StreamHandler as MonologStreamHandler;
41	use Monolog\Handler\SyslogHandler as MonologSyslogHandler;
42	use Monolog\Logger;
43	use Psr\Cache\CacheItemPoolInterface;
44	use Psr\Http\Message\RequestInterface;
45	use Psr\Http\Message\ResponseInterface;
46	use Psr\Log\LoggerInterface;
47	use UnexpectedValueException;
48
49	/**
50	* The Google API Client
51	* https://github.com/google/google-api-php-client
52	*/
53	class Client
54	{
55	const LIBVER = "2.12.6";
56	const USER_AGENT_SUFFIX = "google-api-php-client/";
57	const OAUTH2_REVOKE_URI = 'https://oauth2.googleapis.com/revoke';
58	const OAUTH2_TOKEN_URI = 'https://oauth2.googleapis.com/token';
59	const OAUTH2_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth';
60	const API_BASE_PATH = 'https://www.googleapis.com';
61
62	/**
63	* @var ?OAuth2 $auth
64	*/
65	private $auth;
66
67	/**
68	* @var ClientInterface $http
69	*/
70	private $http;
71
72	/**
73	* @var ?CacheItemPoolInterface $cache
74	*/
75	private $cache;
76
77	/**
78	* @var array access token
79	*/
80	private $token;
81
82	/**
83	* @var array $config
84	*/
85	private $config;
86
87	/**
88	* @var ?LoggerInterface $logger
89	*/
90	private $logger;
91
92	/**
93	* @var ?CredentialsLoader $credentials
94	*/
95	private $credentials;
96
97	/**
98	* @var boolean $deferExecution
99	*/
100	private $deferExecution = false;
101
102	/** @var array $scopes */
103	// Scopes requested by the client
104	protected $requestedScopes = [];
105
106	/**
107	* Construct the Google Client.
108	*
109	* @param array $config {
110	* An array of required and optional arguments.
111	*
112	* @type string $application_name
113	* The name of your application
114	* @type string $base_path
115	* The base URL for the service. This is only accounted for when calling
116	* {@see Client::authorize()} directly.
117	* @type string $client_id
118	* Your Google Cloud client ID found in https://developers.google.com/console
119	* @type string $client_secret
120	* Your Google Cloud client secret found in https://developers.google.com/console
121	* @type string\|array\|CredentialsLoader $credentials
122	* Can be a path to JSON credentials or an array representing those
123	* credentials (@see Google\Client::setAuthConfig), or an instance of
124	* {@see CredentialsLoader}.
125	* @type string\|array $scopes
126	* {@see Google\Client::setScopes}
127	* @type string $quota_project
128	* Sets X-Goog-User-Project, which specifies a user project to bill
129	* for access charges associated with the request.
130	* @type string $redirect_uri
131	* @type string $state
132	* @type string $developer_key
133	* Simple API access key, also from the API console. Ensure you get
134	* a Server key, and not a Browser key.
135	* NOTE: The universe domain is assumed to be "googleapis.com" unless
136	* explicitly set. When setting an API ley directly via this option, there
137	* is no way to verify the universe domain. Be sure to set the
138	* "universe_domain" option if "googleapis.com" is not intended.
139	* @type bool $use_application_default_credentials
140	* For use with Google Cloud Platform
141	* fetch the ApplicationDefaultCredentials, if applicable
142	* {@see https://developers.google.com/identity/protocols/application-default-credentials}
143	* @type string $signing_key
144	* @type string $signing_algorithm
145	* @type string $subject
146	* @type string $hd
147	* @type string $prompt
148	* @type string $openid
149	* @type bool $include_granted_scopes
150	* @type string $login_hint
151	* @type string $request_visible_actions
152	* @type string $access_type
153	* @type string $approval_prompt
154	* @type array $retry
155	* Task Runner retry configuration
156	* {@see \Google\Task\Runner}
157	* @type array $retry_map
158	* @type CacheItemPoolInterface $cache
159	* Cache class implementing {@see CacheItemPoolInterface}. Defaults
160	* to {@see MemoryCacheItemPool}.
161	* @type array $cache_config
162	* Cache config for downstream auth caching.
163	* @type callable $token_callback
164	* Function to be called when an access token is fetched. Follows
165	* the signature `function (string $cacheKey, string $accessToken)`.
166	* @type \Firebase\JWT $jwt
167	* Service class used in {@see Client::verifyIdToken()}. Explicitly
168	* pass this in to avoid setting {@see \Firebase\JWT::$leeway}
169	* @type bool $api_format_v2
170	* Setting api_format_v2 will return more detailed error messages
171	* from certain APIs.
172	* @type string $universe_domain
173	* Setting the universe domain will change the default rootUrl of the service.
174	* If not set explicitly, the universe domain will be the value provided in the
175	*. "GOOGLE_CLOUD_UNIVERSE_DOMAIN" environment variable, or "googleapis.com".
176	* }
177	*/
178	public function __construct(array $config = [])
179	{
180	$this->config = array_merge([
181	'application_name' => '',
182	'base_path' => self::API_BASE_PATH,
183	'client_id' => '',
184	'client_secret' => '',
185	'credentials' => null,
186	'scopes' => null,
187	'quota_project' => null,
188	'redirect_uri' => null,
189	'state' => null,
190	'developer_key' => '',
191	'use_application_default_credentials' => false,
192	'signing_key' => null,
193	'signing_algorithm' => null,
194	'subject' => null,
195	'hd' => '',
196	'prompt' => '',
197	'openid.realm' => '',
198	'include_granted_scopes' => null,
199	'logger' => null,
200	'login_hint' => '',
201	'request_visible_actions' => '',
202	'access_type' => 'online',
203	'approval_prompt' => 'auto',
204	'retry' => [],
205	'retry_map' => null,
206	'cache' => null,
207	'cache_config' => [],
208	'token_callback' => null,
209	'jwt' => null,
210	'api_format_v2' => false,
211	'universe_domain' => getenv('GOOGLE_CLOUD_UNIVERSE_DOMAIN')
212	?: GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN,
213	], $config);
214
215	if (!is_null($this->config['credentials'])) {
216	if ($this->config['credentials'] instanceof CredentialsLoader) {
217	$this->credentials = $this->config['credentials'];
218	} else {
219	$this->setAuthConfig($this->config['credentials']);
220	}
221	unset($this->config['credentials']);
222	}
223
224	if (!is_null($this->config['scopes'])) {
225	$this->setScopes($this->config['scopes']);
226	unset($this->config['scopes']);
227	}
228
229	// Set a default token callback to update the in-memory access token
230	if (is_null($this->config['token_callback'])) {
231	$this->config['token_callback'] = function ($cacheKey, $newAccessToken) {
232	$this->setAccessToken(
233	[
234	'access_token' => $newAccessToken,
235	'expires_in' => 3600, // Google default
236	'created' => time(),
237	]
238	);
239	};
240	}
241
242	if (!is_null($this->config['cache'])) {
243	$this->setCache($this->config['cache']);
244	unset($this->config['cache']);
245	}
246
247	if (!is_null($this->config['logger'])) {
248	$this->setLogger($this->config['logger']);
249	unset($this->config['logger']);
250	}
251	}
252
253	/**
254	* Get a string containing the version of the library.
255	*
256	* @return string
257	*/
258	public function getLibraryVersion()
259	{
260	return self::LIBVER;
261	}
262
263	/**
264	* For backwards compatibility
265	* alias for fetchAccessTokenWithAuthCode
266	*
267	* @param string $code string code from accounts.google.com
268	* @return array access token
269	* @deprecated
270	*/
271	public function authenticate($code)
272	{
273	return $this->fetchAccessTokenWithAuthCode($code);
274	}
275
276	/**
277	* Attempt to exchange a code for an valid authentication token.
278	* Helper wrapped around the OAuth 2.0 implementation.
279	*
280	* @param string $code code from accounts.google.com
281	* @param string $codeVerifier the code verifier used for PKCE (if applicable)
282	* @return array access token
283	*/
284	public function fetchAccessTokenWithAuthCode($code, $codeVerifier = null)
285	{
286	if (strlen($code) == 0) {
287	throw new InvalidArgumentException("Invalid code");
288	}
289
290	$auth = $this->getOAuth2Service();
291	$auth->setCode($code);
292	$auth->setRedirectUri($this->getRedirectUri());
293	if ($codeVerifier) {
294	$auth->setCodeVerifier($codeVerifier);
295	}
296
297	$httpHandler = HttpHandlerFactory::build($this->getHttpClient());
298	$creds = $auth->fetchAuthToken($httpHandler);
299	if ($creds && isset($creds['access_token'])) {
300	$creds['created'] = time();
301	$this->setAccessToken($creds);
302	}
303
304	return $creds;
305	}
306
307	/**
308	* For backwards compatibility
309	* alias for fetchAccessTokenWithAssertion
310	*
311	* @return array access token
312	* @deprecated
313	*/
314	public function refreshTokenWithAssertion()
315	{
316	return $this->fetchAccessTokenWithAssertion();
317	}
318
319	/**
320	* Fetches a fresh access token with a given assertion token.
321	* @param ClientInterface $authHttp optional.
322	* @return array access token
323	*/
324	public function fetchAccessTokenWithAssertion(?ClientInterface $authHttp = null)
325	{
326	if (!$this->isUsingApplicationDefaultCredentials()) {
327	throw new DomainException(
328	'set the JSON service account credentials using'
329	. ' Google\Client::setAuthConfig or set the path to your JSON file'
330	. ' with the "GOOGLE_APPLICATION_CREDENTIALS" environment variable'
331	. ' and call Google\Client::useApplicationDefaultCredentials to'
332	. ' refresh a token with assertion.'
333	);
334	}
335
336	$this->getLogger()->log(
337	'info',
338	'OAuth2 access token refresh with Signed JWT assertion grants.'
339	);
340
341	$credentials = $this->createApplicationDefaultCredentials();
342
343	$httpHandler = HttpHandlerFactory::build($authHttp);
344	$creds = $credentials->fetchAuthToken($httpHandler);
345	if ($creds && isset($creds['access_token'])) {
346	$creds['created'] = time();
347	$this->setAccessToken($creds);
348	}
349
350	return $creds;
351	}
352
353	/**
354	* For backwards compatibility
355	* alias for fetchAccessTokenWithRefreshToken
356	*
357	* @param string $refreshToken
358	* @return array access token
359	*/
360	public function refreshToken($refreshToken)
361	{
362	return $this->fetchAccessTokenWithRefreshToken($refreshToken);
363	}
364
365	/**
366	* Fetches a fresh OAuth 2.0 access token with the given refresh token.
367	* @param string $refreshToken
368	* @return array access token
369	*/
370	public function fetchAccessTokenWithRefreshToken($refreshToken = null)
371	{
372	if (null === $refreshToken) {
373	if (!isset($this->token['refresh_token'])) {
374	throw new LogicException(
375	'refresh token must be passed in or set as part of setAccessToken'
376	);
377	}
378	$refreshToken = $this->token['refresh_token'];
379	}
380	$this->getLogger()->info('OAuth2 access token refresh');
381	$auth = $this->getOAuth2Service();
382	$auth->setRefreshToken($refreshToken);
383
384	$httpHandler = HttpHandlerFactory::build($this->getHttpClient());
385	$creds = $auth->fetchAuthToken($httpHandler);
386	if ($creds && isset($creds['access_token'])) {
387	$creds['created'] = time();
388	if (!isset($creds['refresh_token'])) {
389	$creds['refresh_token'] = $refreshToken;
390	}
391	$this->setAccessToken($creds);
392	}
393
394	return $creds;
395	}
396
397	/**
398	* Create a URL to obtain user authorization.
399	* The authorization endpoint allows the user to first
400	* authenticate, and then grant/deny the access request.
401	* @param string\|array $scope The scope is expressed as an array or list of space-delimited strings.
402	* @param array $queryParams Querystring params to add to the authorization URL.
403	* @return string
404	*/
405	public function createAuthUrl($scope = null, array $queryParams = [])
406	{
407	if (empty($scope)) {
408	$scope = $this->prepareScopes();
409	}
410	if (is_array($scope)) {
411	$scope = implode(' ', $scope);
412	}
413
414	// only accept one of prompt or approval_prompt
415	$approvalPrompt = $this->config['prompt']
416	? null
417	: $this->config['approval_prompt'];
418
419	// include_granted_scopes should be string "true", string "false", or null
420	$includeGrantedScopes = $this->config['include_granted_scopes'] === null
421	? null
422	: var_export($this->config['include_granted_scopes'], true);
423
424	$params = array_filter([
425	'access_type' => $this->config['access_type'],
426	'approval_prompt' => $approvalPrompt,
427	'hd' => $this->config['hd'],
428	'include_granted_scopes' => $includeGrantedScopes,
429	'login_hint' => $this->config['login_hint'],
430	'openid.realm' => $this->config['openid.realm'],
431	'prompt' => $this->config['prompt'],
432	'redirect_uri' => $this->config['redirect_uri'],
433	'response_type' => 'code',
434	'scope' => $scope,
435	'state' => $this->config['state'],
436	]) + $queryParams;
437
438	// If the list of scopes contains plus.login, add request_visible_actions
439	// to auth URL.
440	$rva = $this->config['request_visible_actions'];
441	if (strlen($rva) > 0 && false !== strpos($scope, 'plus.login')) {
442	$params['request_visible_actions'] = $rva;
443	}
444
445	$auth = $this->getOAuth2Service();
446
447	return (string) $auth->buildFullAuthorizationUri($params);
448	}
449
450	/**
451	* Adds auth listeners to the HTTP client based on the credentials
452	* set in the Google API Client object
453	*
454	* @param ClientInterface $http the http client object.
455	* @return ClientInterface the http client object
456	*/
457	public function authorize(?ClientInterface $http = null)
458	{
459	$http = $http ?: $this->getHttpClient();
460	$authHandler = $this->getAuthHandler();
461
462	// These conditionals represent the decision tree for authentication
463	// 1. Check if a Google\Auth\CredentialsLoader instance has been supplied via the "credentials" option
464	// 2. Check for Application Default Credentials
465	// 3a. Check for an Access Token
466	// 3b. If access token exists but is expired, try to refresh it
467	// 4. Check for API Key
468	if ($this->credentials) {
469	$this->checkUniverseDomain($this->credentials);
470	return $authHandler->attachCredentials(
471	$http,
472	$this->credentials,
473	$this->config['token_callback']
474	);
475	}
476
477	if ($this->isUsingApplicationDefaultCredentials()) {
478	$credentials = $this->createApplicationDefaultCredentials();
479	$this->checkUniverseDomain($credentials);
480	return $authHandler->attachCredentialsCache(
481	$http,
482	$credentials,
483	$this->config['token_callback']
484	);
485	}
486
487	if ($token = $this->getAccessToken()) {
488	$scopes = $this->prepareScopes();
489	// add refresh subscriber to request a new token
490	if (isset($token['refresh_token']) && $this->isAccessTokenExpired()) {
491	$credentials = $this->createUserRefreshCredentials(
492	$scopes,
493	$token['refresh_token']
494	);
495	$this->checkUniverseDomain($credentials);
496	return $authHandler->attachCredentials(
497	$http,
498	$credentials,
499	$this->config['token_callback']
500	);
501	}
502
503	return $authHandler->attachToken($http, $token, (array) $scopes);
504	}
505
506	if ($key = $this->config['developer_key']) {
507	return $authHandler->attachKey($http, $key);
508	}
509
510	return $http;
511	}
512
513	/**
514	* Set the configuration to use application default credentials for
515	* authentication
516	*
517	* @see https://developers.google.com/identity/protocols/application-default-credentials
518	* @param boolean $useAppCreds
519	*/
520	public function useApplicationDefaultCredentials($useAppCreds = true)
521	{
522	$this->config['use_application_default_credentials'] = $useAppCreds;
523	}
524
525	/**
526	* To prevent useApplicationDefaultCredentials from inappropriately being
527	* called in a conditional
528	*
529	* @see https://developers.google.com/identity/protocols/application-default-credentials
530	*/
531	public function isUsingApplicationDefaultCredentials()
532	{
533	return $this->config['use_application_default_credentials'];
534	}
535
536	/**
537	* Set the access token used for requests.
538	*
539	* Note that at the time requests are sent, tokens are cached. A token will be
540	* cached for each combination of service and authentication scopes. If a
541	* cache pool is not provided, creating a new instance of the client will
542	* allow modification of access tokens. If a persistent cache pool is
543	* provided, in order to change the access token, you must clear the cached
544	* token by calling `$client->getCache()->clear()`. (Use caution in this case,
545	* as calling `clear()` will remove all cache items, including any items not
546	* related to Google API PHP Client.)
547	*
548	* NOTE: The universe domain is assumed to be "googleapis.com" unless
549	* explicitly set. When setting an access token directly via this method, there
550	* is no way to verify the universe domain. Be sure to set the "universe_domain"
551	* option if "googleapis.com" is not intended.
552	*
553	* @param string\|array $token
554	* @throws InvalidArgumentException
555	*/
556	public function setAccessToken($token)
557	{
558	if (is_string($token)) {
559	if ($json = json_decode($token, true)) {
560	$token = $json;
561	} else {
562	// assume $token is just the token string
563	$token = [
564	'access_token' => $token,
565	];
566	}
567	}
568	if ($token == null) {
569	throw new InvalidArgumentException('invalid json token');
570	}
571	if (!isset($token['access_token'])) {
572	throw new InvalidArgumentException("Invalid token format");
573	}
574	$this->token = $token;
575	}
576
577	public function getAccessToken()
578	{
579	return $this->token;
580	}
581
582	/**
583	* @return string\|null
584	*/
585	public function getRefreshToken()
586	{
587	if (isset($this->token['refresh_token'])) {
588	return $this->token['refresh_token'];
589	}
590
591	return null;
592	}
593
594	/**
595	* Returns if the access_token is expired.
596	* @return bool Returns True if the access_token is expired.
597	*/
598	public function isAccessTokenExpired()
599	{
600	if (!$this->token) {
601	return true;
602	}
603
604	$created = 0;
605	if (isset($this->token['created'])) {
606	$created = $this->token['created'];
607	} elseif (isset($this->token['id_token'])) {
608	// check the ID token for "iat"
609	// signature verification is not required here, as we are just
610	// using this for convenience to save a round trip request
611	// to the Google API server
612	$idToken = $this->token['id_token'];
613	if (substr_count($idToken, '.') == 2) {
614	$parts = explode('.', $idToken);
615	$payload = json_decode(base64_decode($parts[1]), true);
616	if ($payload && isset($payload['iat'])) {
617	$created = $payload['iat'];
618	}
619	}
620	}
621	if (!isset($this->token['expires_in'])) {
622	// if the token does not have an "expires_in", then it's considered expired
623	return true;
624	}
625
626	// If the token is set to expire in the next 30 seconds.
627	return ($created + ($this->token['expires_in'] - 30)) < time();
628	}
629
630	/**
631	* @deprecated See UPGRADING.md for more information
632	*/
633	public function getAuth()
634	{
635	throw new BadMethodCallException(
636	'This function no longer exists. See UPGRADING.md for more information'
637	);
638	}
639
640	/**
641	* @deprecated See UPGRADING.md for more information
642	*/
643	public function setAuth($auth)
644	{
645	throw new BadMethodCallException(
646	'This function no longer exists. See UPGRADING.md for more information'
647	);
648	}
649
650	/**
651	* Set the OAuth 2.0 Client ID.
652	* @param string $clientId
653	*/
654	public function setClientId($clientId)
655	{
656	$this->config['client_id'] = $clientId;
657	}
658
659	public function getClientId()
660	{
661	return $this->config['client_id'];
662	}
663
664	/**
665	* Set the OAuth 2.0 Client Secret.
666	* @param string $clientSecret
667	*/
668	public function setClientSecret($clientSecret)
669	{
670	$this->config['client_secret'] = $clientSecret;
671	}
672
673	public function getClientSecret()
674	{
675	return $this->config['client_secret'];
676	}
677
678	/**
679	* Set the OAuth 2.0 Redirect URI.
680	* @param string $redirectUri
681	*/
682	public function setRedirectUri($redirectUri)
683	{
684	$this->config['redirect_uri'] = $redirectUri;
685	}
686
687	public function getRedirectUri()
688	{
689	return $this->config['redirect_uri'];
690	}
691
692	/**
693	* Set OAuth 2.0 "state" parameter to achieve per-request customization.
694	* @see http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.1.2.2
695	* @param string $state
696	*/
697	public function setState($state)
698	{
699	$this->config['state'] = $state;
700	}
701
702	/**
703	* @param string $accessType Possible values for access_type include:
704	* {@code "offline"} to request offline access from the user.
705	* {@code "online"} to request online access from the user.
706	*/
707	public function setAccessType($accessType)
708	{
709	$this->config['access_type'] = $accessType;
710	}
711
712	/**
713	* @param string $approvalPrompt Possible values for approval_prompt include:
714	* {@code "force"} to force the approval UI to appear.
715	* {@code "auto"} to request auto-approval when possible. (This is the default value)
716	*/
717	public function setApprovalPrompt($approvalPrompt)
718	{
719	$this->config['approval_prompt'] = $approvalPrompt;
720	}
721
722	/**
723	* Set the login hint, email address or sub id.
724	* @param string $loginHint
725	*/
726	public function setLoginHint($loginHint)
727	{
728	$this->config['login_hint'] = $loginHint;
729	}
730
731	/**
732	* Set the application name, this is included in the User-Agent HTTP header.
733	* @param string $applicationName
734	*/
735	public function setApplicationName($applicationName)
736	{
737	$this->config['application_name'] = $applicationName;
738	}
739
740	/**
741	* If 'plus.login' is included in the list of requested scopes, you can use
742	* this method to define types of app activities that your app will write.
743	* You can find a list of available types here:
744	* @link https://developers.google.com/+/api/moment-types
745	*
746	* @param array $requestVisibleActions Array of app activity types
747	*/
748	public function setRequestVisibleActions($requestVisibleActions)
749	{
750	if (is_array($requestVisibleActions)) {
751	$requestVisibleActions = implode(" ", $requestVisibleActions);
752	}
753	$this->config['request_visible_actions'] = $requestVisibleActions;
754	}
755
756	/**
757	* Set the developer key to use, these are obtained through the API Console.
758	* @see http://code.google.com/apis/console-help/#generatingdevkeys
759	* @param string $developerKey
760	*/
761	public function setDeveloperKey($developerKey)
762	{
763	$this->config['developer_key'] = $developerKey;
764	}
765
766	/**
767	* Set the hd (hosted domain) parameter streamlines the login process for
768	* Google Apps hosted accounts. By including the domain of the user, you
769	* restrict sign-in to accounts at that domain.
770	* @param string $hd the domain to use.
771	*/
772	public function setHostedDomain($hd)
773	{
774	$this->config['hd'] = $hd;
775	}
776
777	/**
778	* Set the prompt hint. Valid values are none, consent and select_account.
779	* If no value is specified and the user has not previously authorized
780	* access, then the user is shown a consent screen.
781	* @param string $prompt
782	* {@code "none"} Do not display any authentication or consent screens. Must not be specified with other values.
783	* {@code "consent"} Prompt the user for consent.
784	* {@code "select_account"} Prompt the user to select an account.
785	*/
786	public function setPrompt($prompt)
787	{
788	$this->config['prompt'] = $prompt;
789	}
790
791	/**
792	* openid.realm is a parameter from the OpenID 2.0 protocol, not from OAuth
793	* 2.0. It is used in OpenID 2.0 requests to signify the URL-space for which
794	* an authentication request is valid.
795	* @param string $realm the URL-space to use.
796	*/
797	public function setOpenidRealm($realm)
798	{
799	$this->config['openid.realm'] = $realm;
800	}
801
802	/**
803	* If this is provided with the value true, and the authorization request is
804	* granted, the authorization will include any previous authorizations
805	* granted to this user/application combination for other scopes.
806	* @param bool $include the URL-space to use.
807	*/
808	public function setIncludeGrantedScopes($include)
809	{
810	$this->config['include_granted_scopes'] = $include;
811	}
812
813	/**
814	* sets function to be called when an access token is fetched
815	* @param callable $tokenCallback - function ($cacheKey, $accessToken)
816	*/
817	public function setTokenCallback(callable $tokenCallback)
818	{
819	$this->config['token_callback'] = $tokenCallback;
820	}
821
822	/**
823	* Revoke an OAuth2 access token or refresh token. This method will revoke the current access
824	* token, if a token isn't provided.
825	*
826	* @param string\|array\|null $token The token (access token or a refresh token) that should be revoked.
827	* @return boolean Returns True if the revocation was successful, otherwise False.
828	*/
829	public function revokeToken($token = null)
830	{
831	$tokenRevoker = new Revoke($this->getHttpClient());
832
833	return $tokenRevoker->revokeToken($token ?: $this->getAccessToken());
834	}
835
836	/**
837	* Verify an id_token. This method will verify the current id_token, if one
838	* isn't provided.
839	*
840	* @throws LogicException If no token was provided and no token was set using `setAccessToken`.
841	* @throws UnexpectedValueException If the token is not a valid JWT.
842	* @param string\|null $idToken The token (id_token) that should be verified.
843	* @return array\|false Returns the token payload as an array if the verification was
844	* successful, false otherwise.
845	*/
846	public function verifyIdToken($idToken = null)
847	{
848	$tokenVerifier = new Verify(
849	$this->getHttpClient(),
850	$this->getCache(),
851	$this->config['jwt']
852	);
853
854	if (null === $idToken) {
855	$token = $this->getAccessToken();
856	if (!isset($token['id_token'])) {
857	throw new LogicException(
858	'id_token must be passed in or set as part of setAccessToken'
859	);
860	}
861	$idToken = $token['id_token'];
862	}
863
864	return $tokenVerifier->verifyIdToken(
865	$idToken,
866	$this->getClientId()
867	);
868	}
869
870	/**
871	* Set the scopes to be requested. Must be called before createAuthUrl().
872	* Will remove any previously configured scopes.
873	* @param string\|array $scope_or_scopes, ie:
874	* array(
875	* 'https://www.googleapis.com/auth/plus.login',
876	* 'https://www.googleapis.com/auth/moderator'
877	* );
878	*/
879	public function setScopes($scope_or_scopes)
880	{
881	$this->requestedScopes = [];
882	$this->addScope($scope_or_scopes);
883	}
884
885	/**
886	* This functions adds a scope to be requested as part of the OAuth2.0 flow.
887	* Will append any scopes not previously requested to the scope parameter.
888	* A single string will be treated as a scope to request. An array of strings
889	* will each be appended.
890	* @param string\|string[] $scope_or_scopes e.g. "profile"
891	*/
892	public function addScope($scope_or_scopes)
893	{
894	if (is_string($scope_or_scopes) && !in_array($scope_or_scopes, $this->requestedScopes)) {
895	$this->requestedScopes[] = $scope_or_scopes;
896	} elseif (is_array($scope_or_scopes)) {
897	foreach ($scope_or_scopes as $scope) {
898	$this->addScope($scope);
899	}
900	}
901	}
902
903	/**
904	* Returns the list of scopes requested by the client
905	* @return array the list of scopes
906	*
907	*/
908	public function getScopes()
909	{
910	return $this->requestedScopes;
911	}
912
913	/**
914	* @return string\|null
915	* @visible For Testing
916	*/
917	public function prepareScopes()
918	{
919	if (empty($this->requestedScopes)) {
920	return null;
921	}
922
923	return implode(' ', $this->requestedScopes);
924	}
925
926	/**
927	* Helper method to execute deferred HTTP requests.
928	*
929	* @template T
930	* @param RequestInterface $request
931	* @param class-string<T>\|false\|null $expectedClass
932	* @throws \Google\Exception
933	* @return mixed\|T\|ResponseInterface
934	*/
935	public function execute(RequestInterface $request, $expectedClass = null)
936	{
937	$request = $request
938	->withHeader(
939	'User-Agent',
940	sprintf(
941	'%s %s%s',
942	$this->config['application_name'],
943	self::USER_AGENT_SUFFIX,
944	$this->getLibraryVersion()
945	)
946	)
947	->withHeader(
948	'x-goog-api-client',
949	sprintf(
950	'gl-php/%s gdcl/%s',
951	phpversion(),
952	$this->getLibraryVersion()
953	)
954	);
955
956	if ($this->config['api_format_v2']) {
957	$request = $request->withHeader(
958	'X-GOOG-API-FORMAT-VERSION',
959	'2'
960	);
961	}
962
963	// call the authorize method
964	// this is where most of the grunt work is done
965	$http = $this->authorize();
966
967	return REST::execute(
968	$http,
969	$request,
970	$expectedClass,
971	$this->config['retry'],
972	$this->config['retry_map']
973	);
974	}
975
976	/**
977	* Declare whether batch calls should be used. This may increase throughput
978	* by making multiple requests in one connection.
979	*
980	* @param boolean $useBatch True if the batch support should
981	* be enabled. Defaults to False.
982	*/
983	public function setUseBatch($useBatch)
984	{
985	// This is actually an alias for setDefer.
986	$this->setDefer($useBatch);
987	}
988
989	/**
990	* Are we running in Google AppEngine?
991	* return bool
992	*/
993	public function isAppEngine()
994	{
995	return (isset($_SERVER['SERVER_SOFTWARE']) &&
996	strpos($_SERVER['SERVER_SOFTWARE'], 'Google App Engine') !== false);
997	}
998
999	public function setConfig($name, $value)
1000	{
1001	$this->config[$name] = $value;
1002	}
1003
1004	public function getConfig($name, $default = null)
1005	{
1006	return isset($this->config[$name]) ? $this->config[$name] : $default;
1007	}
1008
1009	/**
1010	* For backwards compatibility
1011	* alias for setAuthConfig
1012	*
1013	* @param string $file the configuration file
1014	* @throws \Google\Exception
1015	* @deprecated
1016	*/
1017	public function setAuthConfigFile($file)
1018	{
1019	$this->setAuthConfig($file);
1020	}
1021
1022	/**
1023	* Set the auth config from new or deprecated JSON config.
1024	* This structure should match the file downloaded from
1025	* the "Download JSON" button on in the Google Developer
1026	* Console.
1027	* @param string\|array $config the configuration json
1028	* @throws \Google\Exception
1029	*/
1030	public function setAuthConfig($config)
1031	{
1032	if (is_string($config)) {
1033	if (!file_exists($config)) {
1034	throw new InvalidArgumentException(sprintf('file "%s" does not exist', $config));
1035	}
1036
1037	$json = file_get_contents($config);
1038
1039	if (!$config = json_decode($json, true)) {
1040	throw new LogicException('invalid json for auth config');
1041	}
1042	}
1043
1044	$key = isset($config['installed']) ? 'installed' : 'web';
1045	if (isset($config['type']) && $config['type'] == 'service_account') {
1046	// @TODO(v3): Remove this, as it isn't accurate. ADC applies only to determining
1047	// credentials based on the user's environment.
1048	$this->useApplicationDefaultCredentials();
1049
1050	// set the information from the config
1051	$this->setClientId($config['client_id']);
1052	$this->config['client_email'] = $config['client_email'];
1053	$this->config['signing_key'] = $config['private_key'];
1054	$this->config['signing_algorithm'] = 'HS256';
1055	} elseif (isset($config[$key])) {
1056	// old-style
1057	$this->setClientId($config[$key]['client_id']);
1058	$this->setClientSecret($config[$key]['client_secret']);
1059	if (isset($config[$key]['redirect_uris'])) {
1060	$this->setRedirectUri($config[$key]['redirect_uris'][0]);
1061	}
1062	} else {
1063	// new-style
1064	$this->setClientId($config['client_id']);
1065	$this->setClientSecret($config['client_secret']);
1066	if (isset($config['redirect_uris'])) {
1067	$this->setRedirectUri($config['redirect_uris'][0]);
1068	}
1069	}
1070	}
1071
1072	/**
1073	* Use when the service account has been delegated domain wide access.
1074	*
1075	* @param string $subject an email address account to impersonate
1076	*/
1077	public function setSubject($subject)
1078	{
1079	$this->config['subject'] = $subject;
1080	}
1081
1082	/**
1083	* Declare whether making API calls should make the call immediately, or
1084	* return a request which can be called with ->execute();
1085	*
1086	* @param boolean $defer True if calls should not be executed right away.
1087	*/
1088	public function setDefer($defer)
1089	{
1090	$this->deferExecution = $defer;
1091	}
1092
1093	/**
1094	* Whether or not to return raw requests
1095	* @return boolean
1096	*/
1097	public function shouldDefer()
1098	{
1099	return $this->deferExecution;
1100	}
1101
1102	/**
1103	* @return OAuth2 implementation
1104	*/
1105	public function getOAuth2Service()
1106	{
1107	if (!isset($this->auth)) {
1108	$this->auth = $this->createOAuth2Service();
1109	}
1110
1111	return $this->auth;
1112	}
1113
1114	/**
1115	* create a default google auth object
1116	*/
1117	protected function createOAuth2Service()
1118	{
1119	$auth = new OAuth2([
1120	'clientId' => $this->getClientId(),
1121	'clientSecret' => $this->getClientSecret(),
1122	'authorizationUri' => self::OAUTH2_AUTH_URL,
1123	'tokenCredentialUri' => self::OAUTH2_TOKEN_URI,
1124	'redirectUri' => $this->getRedirectUri(),
1125	'issuer' => $this->config['client_id'],
1126	'signingKey' => $this->config['signing_key'],
1127	'signingAlgorithm' => $this->config['signing_algorithm'],
1128	]);
1129
1130	return $auth;
1131	}
1132
1133	/**
1134	* Set the Cache object
1135	* @param CacheItemPoolInterface $cache
1136	*/
1137	public function setCache(CacheItemPoolInterface $cache)
1138	{
1139	$this->cache = $cache;
1140	}
1141
1142	/**
1143	* @return CacheItemPoolInterface
1144	*/
1145	public function getCache()
1146	{
1147	if (!$this->cache) {
1148	$this->cache = $this->createDefaultCache();
1149	}
1150
1151	return $this->cache;
1152	}
1153
1154	/**
1155	* @param array $cacheConfig
1156	*/
1157	public function setCacheConfig(array $cacheConfig)
1158	{
1159	$this->config['cache_config'] = $cacheConfig;
1160	}
1161
1162	/**
1163	* Set the Logger object
1164	* @param LoggerInterface $logger
1165	*/
1166	public function setLogger(LoggerInterface $logger)
1167	{
1168	$this->logger = $logger;
1169	}
1170
1171	/**
1172	* @return LoggerInterface
1173	*/
1174	public function getLogger()
1175	{
1176	if (!isset($this->logger)) {
1177	$this->logger = $this->createDefaultLogger();
1178	}
1179
1180	return $this->logger;
1181	}
1182
1183	protected function createDefaultLogger()
1184	{
1185	$logger = new Logger('google-api-php-client');
1186	if ($this->isAppEngine()) {
1187	$handler = new MonologSyslogHandler('app', LOG_USER, Logger::NOTICE);
1188	} else {
1189	$handler = new MonologStreamHandler('php://stderr', Logger::NOTICE);
1190	}
1191	$logger->pushHandler($handler);
1192
1193	return $logger;
1194	}
1195
1196	protected function createDefaultCache()
1197	{
1198	return new MemoryCacheItemPool();
1199	}
1200
1201	/**
1202	* Set the Http Client object
1203	* @param ClientInterface $http
1204	*/
1205	public function setHttpClient(ClientInterface $http)
1206	{
1207	$this->http = $http;
1208	}
1209
1210	/**
1211	* @return ClientInterface
1212	*/
1213	public function getHttpClient()
1214	{
1215	if (null === $this->http) {
1216	$this->http = $this->createDefaultHttpClient();
1217	}
1218
1219	return $this->http;
1220	}
1221
1222	/**
1223	* Set the API format version.
1224	*
1225	* `true` will use V2, which may return more useful error messages.
1226	*
1227	* @param bool $value
1228	*/
1229	public function setApiFormatV2($value)
1230	{
1231	$this->config['api_format_v2'] = (bool) $value;
1232	}
1233
1234	protected function createDefaultHttpClient()
1235	{
1236	$guzzleVersion = null;
1237	if (defined('\GuzzleHttp\ClientInterface::MAJOR_VERSION')) {
1238	$guzzleVersion = ClientInterface::MAJOR_VERSION;
1239	} elseif (defined('\GuzzleHttp\ClientInterface::VERSION')) {
1240	$guzzleVersion = (int)substr(ClientInterface::VERSION, 0, 1);
1241	}
1242
1243	if (5 === $guzzleVersion) {
1244	$options = [
1245	'base_url' => $this->config['base_path'],
1246	'defaults' => ['exceptions' => false],
1247	];
1248	if ($this->isAppEngine()) {
1249	if (class_exists(StreamHandler::class)) {
1250	// set StreamHandler on AppEngine by default
1251	$options['handler'] = new StreamHandler();
1252	$options['defaults']['verify'] = '/etc/ca-certificates.crt';
1253	}
1254	}
1255	} elseif (6 === $guzzleVersion \|\| 7 === $guzzleVersion) {
1256	// guzzle 6 or 7
1257	$options = [
1258	'base_uri' => $this->config['base_path'],
1259	'http_errors' => false,
1260	];
1261	} else {
1262	throw new LogicException('Could not find supported version of Guzzle.');
1263	}
1264
1265	return new GuzzleClient($options);
1266	}
1267
1268	/**
1269	* @return FetchAuthTokenCache
1270	*/
1271	private function createApplicationDefaultCredentials()
1272	{
1273	$scopes = $this->prepareScopes();
1274	$sub = $this->config['subject'];
1275	$signingKey = $this->config['signing_key'];
1276
1277	// create credentials using values supplied in setAuthConfig
1278	if ($signingKey) {
1279	$serviceAccountCredentials = [
1280	'client_id' => $this->config['client_id'],
1281	'client_email' => $this->config['client_email'],
1282	'private_key' => $signingKey,
1283	'type' => 'service_account',
1284	'quota_project_id' => $this->config['quota_project'],
1285	];
1286	$credentials = CredentialsLoader::makeCredentials(
1287	$scopes,
1288	$serviceAccountCredentials
1289	);
1290	} else {
1291	// When $sub is provided, we cannot pass cache classes to ::getCredentials
1292	// because FetchAuthTokenCache::setSub does not exist.
1293	// The result is when $sub is provided, calls to ::onGce are not cached.
1294	$credentials = ApplicationDefaultCredentials::getCredentials(
1295	$scopes,
1296	null,
1297	$sub ? null : $this->config['cache_config'],
1298	$sub ? null : $this->getCache(),
1299	$this->config['quota_project']
1300	);
1301	}
1302
1303	// for service account domain-wide authority (impersonating a user)
1304	// @see https://developers.google.com/identity/protocols/OAuth2ServiceAccount
1305	if ($sub) {
1306	if (!$credentials instanceof ServiceAccountCredentials) {
1307	throw new DomainException('domain-wide authority requires service account credentials');
1308	}
1309
1310	$credentials->setSub($sub);
1311	}
1312
1313	// If we are not using FetchAuthTokenCache yet, create it now
1314	if (!$credentials instanceof FetchAuthTokenCache) {
1315	$credentials = new FetchAuthTokenCache(
1316	$credentials,
1317	$this->config['cache_config'],
1318	$this->getCache()
1319	);
1320	}
1321	return $credentials;
1322	}
1323
1324	protected function getAuthHandler()
1325	{
1326	// Be very careful using the cache, as the underlying auth library's cache
1327	// implementation is naive, and the cache keys do not account for user
1328	// sessions.
1329	//
1330	// @see https://github.com/google/google-api-php-client/issues/821
1331	return AuthHandlerFactory::build(
1332	$this->getCache(),
1333	$this->config['cache_config']
1334	);
1335	}
1336
1337	private function createUserRefreshCredentials($scope, $refreshToken)
1338	{
1339	$creds = array_filter([
1340	'client_id' => $this->getClientId(),
1341	'client_secret' => $this->getClientSecret(),
1342	'refresh_token' => $refreshToken,
1343	]);
1344
1345	return new UserRefreshCredentials($scope, $creds);
1346	}
1347
1348	private function checkUniverseDomain($credentials)
1349	{
1350	$credentialsUniverse = $credentials instanceof GetUniverseDomainInterface
1351	? $credentials->getUniverseDomain()
1352	: GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN;
1353	if ($credentialsUniverse !== $this->getUniverseDomain()) {
1354	throw new DomainException(sprintf(
1355	'The configured universe domain (%s) does not match the credential universe domain (%s)',
1356	$this->getUniverseDomain(),
1357	$credentialsUniverse
1358	));
1359	}
1360	}
1361
1362	public function getUniverseDomain()
1363	{
1364	return $this->config['universe_domain'];
1365	}
1366	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: vendor/google/apiclient/src/Client.php

Download in other formats: