$jsonKey JSON credential file path or JSON credentials * as an associative array. */ public function __construct( $scope, $jsonKey ) { if (is_string($jsonKey)) { if (!file_exists($jsonKey)) { throw new \InvalidArgumentException('file does not exist'); } $json = file_get_contents($jsonKey); if (!$jsonKey = json_decode((string) $json, true)) { throw new \LogicException('invalid json for auth config'); } } if (!array_key_exists('service_account_impersonation_url', $jsonKey)) { throw new \LogicException( 'json key is missing the service_account_impersonation_url field' ); } if (!array_key_exists('source_credentials', $jsonKey)) { throw new \LogicException('json key is missing the source_credentials field'); } $this->impersonatedServiceAccountName = $this->getImpersonatedServiceAccountNameFromUrl( $jsonKey['service_account_impersonation_url'] ); $this->sourceCredentials = new UserRefreshCredentials( $scope, $jsonKey['source_credentials'] ); } /** * Helper function for extracting the Server Account Name from the URL saved in the account * credentials file. * * @param $serviceAccountImpersonationUrl string URL from "service_account_impersonation_url" * @return string Service account email or ID. */ private function getImpersonatedServiceAccountNameFromUrl( string $serviceAccountImpersonationUrl ): string { $fields = explode('/', $serviceAccountImpersonationUrl); $lastField = end($fields); $splitter = explode(':', $lastField); return $splitter[0]; } /** * Get the client name from the keyfile * * In this implementation, it will return the issuers email from the oauth token. * * @param callable|null $unusedHttpHandler not used by this credentials type. * @return string Token issuer email */ public function getClientName(?callable $unusedHttpHandler = null) { return $this->impersonatedServiceAccountName; } /** * @param callable|null $httpHandler * * @return array { * A set of auth related metadata, containing the following * * @type string $access_token * @type int $expires_in * @type string $scope * @type string $token_type * @type string $id_token * } */ public function fetchAuthToken(?callable $httpHandler = null) { // We don't support id token endpoint requests as of now for Impersonated Cred return $this->sourceCredentials->fetchAuthToken( $httpHandler, $this->applyTokenEndpointMetrics([], 'at') ); } /** * Returns the Cache Key for the credentials * The cache key is the same as the UserRefreshCredentials class * * @return string */ public function getCacheKey() { return $this->sourceCredentials->getCacheKey(); } /** * @return array */ public function getLastReceivedToken() { return $this->sourceCredentials->getLastReceivedToken(); } protected function getCredType(): string { return self::CRED_TYPE; } }