push($middleware); * * $client = new Client([ * 'handler' => $stack, * 'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', * 'auth' => 'google_auth' // authorize all requests * ]); * * $res = $client->get('myproject/taskqueues/myqueue'); * ``` */ class ApplicationDefaultCredentials { /** * @deprecated * * Obtains an AuthTokenSubscriber that uses the default FetchAuthTokenInterface * implementation to use in this environment. * * If supplied, $scope is used to in creating the credentials instance if * this does not fallback to the compute engine defaults. * * @param string|string[] $scope the scope of the access request, expressed * either as an Array or as a space-delimited String. * @param callable|null $httpHandler callback which delivers psr7 request * @param array|null $cacheConfig configuration for the cache when it's present * @param CacheItemPoolInterface|null $cache A cache implementation, may be * provided if you have one already available for use. * @return AuthTokenSubscriber * @throws DomainException if no implementation can be obtained. */ public static function getSubscriber(// @phpstan-ignore-line $scope = null, ?callable $httpHandler = null, ?array $cacheConfig = null, ?CacheItemPoolInterface $cache = null ) { $creds = self::getCredentials($scope, $httpHandler, $cacheConfig, $cache); /** @phpstan-ignore-next-line */ return new AuthTokenSubscriber($creds, $httpHandler); } /** * Obtains an AuthTokenMiddleware that uses the default FetchAuthTokenInterface * implementation to use in this environment. * * If supplied, $scope is used to in creating the credentials instance if * this does not fallback to the compute engine defaults. * * @param string|string[] $scope the scope of the access request, expressed * either as an Array or as a space-delimited String. * @param callable|null $httpHandler callback which delivers psr7 request * @param array|null $cacheConfig configuration for the cache when it's present * @param CacheItemPoolInterface|null $cache A cache implementation, may be * provided if you have one already available for use. * @param string $quotaProject specifies a project to bill for access * charges associated with the request. * @return AuthTokenMiddleware * @throws DomainException if no implementation can be obtained. */ public static function getMiddleware( $scope = null, ?callable $httpHandler = null, ?array $cacheConfig = null, ?CacheItemPoolInterface $cache = null, $quotaProject = null ) { $creds = self::getCredentials($scope, $httpHandler, $cacheConfig, $cache, $quotaProject); return new AuthTokenMiddleware($creds, $httpHandler); } /** * Obtains the default FetchAuthTokenInterface implementation to use * in this environment. * * @param string|string[] $scope the scope of the access request, expressed * either as an Array or as a space-delimited String. * @param callable|null $httpHandler callback which delivers psr7 request * @param array|null $cacheConfig configuration for the cache when it's present * @param CacheItemPoolInterface|null $cache A cache implementation, may be * provided if you have one already available for use. * @param string|null $quotaProject specifies a project to bill for access * charges associated with the request. * @param string|string[]|null $defaultScope The default scope to use if no * user-defined scopes exist, expressed either as an Array or as a * space-delimited string. * @param string|null $universeDomain Specifies a universe domain to use for the * calling client library * * @return FetchAuthTokenInterface * @throws DomainException if no implementation can be obtained. */ public static function getCredentials( $scope = null, ?callable $httpHandler = null, ?array $cacheConfig = null, ?CacheItemPoolInterface $cache = null, $quotaProject = null, $defaultScope = null, ?string $universeDomain = null ) { $creds = null; $jsonKey = CredentialsLoader::fromEnv() ?: CredentialsLoader::fromWellKnownFile(); $anyScope = $scope ?: $defaultScope; if (!$httpHandler) { if (!($client = HttpClientCache::getHttpClient())) { $client = new Client(); HttpClientCache::setHttpClient($client); } $httpHandler = HttpHandlerFactory::build($client); } if (is_null($quotaProject)) { // if a quota project isn't specified, try to get one from the env var $quotaProject = CredentialsLoader::quotaProjectFromEnv(); } if (!is_null($jsonKey)) { if ($quotaProject) { $jsonKey['quota_project_id'] = $quotaProject; } if ($universeDomain) { $jsonKey['universe_domain'] = $universeDomain; } $creds = CredentialsLoader::makeCredentials( $scope, $jsonKey, $defaultScope ); } elseif (AppIdentityCredentials::onAppEngine() && !GCECredentials::onAppEngineFlexible()) { $creds = new AppIdentityCredentials($anyScope); } elseif (self::onGce($httpHandler, $cacheConfig, $cache)) { $creds = new GCECredentials(null, $anyScope, null, $quotaProject, null, $universeDomain); $creds->setIsOnGce(true); // save the credentials a trip to the metadata server } if (is_null($creds)) { throw new DomainException(self::notFound()); } if (!is_null($cache)) { $creds = new FetchAuthTokenCache($creds, $cacheConfig, $cache); } return $creds; } /** * Obtains an AuthTokenMiddleware which will fetch an ID token to use in the * Authorization header. The middleware is configured with the default * FetchAuthTokenInterface implementation to use in this environment. * * If supplied, $targetAudience is used to set the "aud" on the resulting * ID token. * * @param string $targetAudience The audience for the ID token. * @param callable|null $httpHandler callback which delivers psr7 request * @param array|null $cacheConfig configuration for the cache when it's present * @param CacheItemPoolInterface|null $cache A cache implementation, may be * provided if you have one already available for use. * @return AuthTokenMiddleware * @throws DomainException if no implementation can be obtained. */ public static function getIdTokenMiddleware( $targetAudience, ?callable $httpHandler = null, ?array $cacheConfig = null, ?CacheItemPoolInterface $cache = null ) { $creds = self::getIdTokenCredentials($targetAudience, $httpHandler, $cacheConfig, $cache); return new AuthTokenMiddleware($creds, $httpHandler); } /** * Obtains an ProxyAuthTokenMiddleware which will fetch an ID token to use in the * Authorization header. The middleware is configured with the default * FetchAuthTokenInterface implementation to use in this environment. * * If supplied, $targetAudience is used to set the "aud" on the resulting * ID token. * * @param string $targetAudience The audience for the ID token. * @param callable|null $httpHandler callback which delivers psr7 request * @param array|null $cacheConfig configuration for the cache when it's present * @param CacheItemPoolInterface|null $cache A cache implementation, may be * provided if you have one already available for use. * @return ProxyAuthTokenMiddleware * @throws DomainException if no implementation can be obtained. */ public static function getProxyIdTokenMiddleware( $targetAudience, ?callable $httpHandler = null, ?array $cacheConfig = null, ?CacheItemPoolInterface $cache = null ) { $creds = self::getIdTokenCredentials($targetAudience, $httpHandler, $cacheConfig, $cache); return new ProxyAuthTokenMiddleware($creds, $httpHandler); } /** * Obtains the default FetchAuthTokenInterface implementation to use * in this environment, configured with a $targetAudience for fetching an ID * token. * * @param string $targetAudience The audience for the ID token. * @param callable|null $httpHandler callback which delivers psr7 request * @param array|null $cacheConfig configuration for the cache when it's present * @param CacheItemPoolInterface|null $cache A cache implementation, may be * provided if you have one already available for use. * @return FetchAuthTokenInterface * @throws DomainException if no implementation can be obtained. * @throws InvalidArgumentException if JSON "type" key is invalid */ public static function getIdTokenCredentials( $targetAudience, ?callable $httpHandler = null, ?array $cacheConfig = null, ?CacheItemPoolInterface $cache = null ) { $creds = null; $jsonKey = CredentialsLoader::fromEnv() ?: CredentialsLoader::fromWellKnownFile(); if (!$httpHandler) { if (!($client = HttpClientCache::getHttpClient())) { $client = new Client(); HttpClientCache::setHttpClient($client); } $httpHandler = HttpHandlerFactory::build($client); } if (!is_null($jsonKey)) { if (!array_key_exists('type', $jsonKey)) { throw new \InvalidArgumentException('json key is missing the type field'); } if ($jsonKey['type'] == 'authorized_user') { $creds = new UserRefreshCredentials(null, $jsonKey, $targetAudience); } elseif ($jsonKey['type'] == 'service_account') { $creds = new ServiceAccountCredentials(null, $jsonKey, null, $targetAudience); } else { throw new InvalidArgumentException('invalid value in the type field'); } } elseif (self::onGce($httpHandler, $cacheConfig, $cache)) { $creds = new GCECredentials(null, null, $targetAudience); $creds->setIsOnGce(true); // save the credentials a trip to the metadata server } if (is_null($creds)) { throw new DomainException(self::notFound()); } if (!is_null($cache)) { $creds = new FetchAuthTokenCache($creds, $cacheConfig, $cache); } return $creds; } /** * @return string */ private static function notFound() { $msg = 'Your default credentials were not found. To set up '; $msg .= 'Application Default Credentials, see '; $msg .= 'https://cloud.google.com/docs/authentication/external/set-up-adc'; return $msg; } /** * @param callable|null $httpHandler * @param array|null $cacheConfig * @param CacheItemPoolInterface|null $cache * @return bool */ private static function onGce( ?callable $httpHandler = null, ?array $cacheConfig = null, ?CacheItemPoolInterface $cache = null ) { $gceCacheConfig = []; foreach (['lifetime', 'prefix'] as $key) { if (isset($cacheConfig['gce_' . $key])) { $gceCacheConfig[$key] = $cacheConfig['gce_' . $key]; } } return (new GCECache($gceCacheConfig, $cache))->onGce($httpHandler); } }