' */ class AuthTokenMiddleware { /** * @var callable */ private $httpHandler; /** * It must be an implementation of FetchAuthTokenInterface. * It may also implement UpdateMetadataInterface allowing direct * retrieval of auth related headers * @var FetchAuthTokenInterface */ private $fetcher; /** * @var ?callable */ private $tokenCallback; /** * Creates a new AuthTokenMiddleware. * * @param FetchAuthTokenInterface $fetcher is used to fetch the auth token * @param callable|null $httpHandler (optional) callback which delivers psr7 request * @param callable|null $tokenCallback (optional) function to be called when a new token is fetched. */ public function __construct( FetchAuthTokenInterface $fetcher, ?callable $httpHandler = null, ?callable $tokenCallback = null ) { $this->fetcher = $fetcher; $this->httpHandler = $httpHandler; $this->tokenCallback = $tokenCallback; } /** * Updates the request with an Authorization header when auth is 'google_auth'. * * use Google\Auth\Middleware\AuthTokenMiddleware; * use Google\Auth\OAuth2; * use GuzzleHttp\Client; * use GuzzleHttp\HandlerStack; * * $config = [...]; * $oauth2 = new OAuth2($config) * $middleware = new AuthTokenMiddleware($oauth2); * $stack = HandlerStack::create(); * $stack->push($middleware); * * $client = new Client([ * 'handler' => $stack, * 'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', * 'auth' => 'google_auth' // authorize all requests * ]); * * $res = $client->get('myproject/taskqueues/myqueue'); * * @param callable $handler * @return \Closure */ public function __invoke(callable $handler) { return function (RequestInterface $request, array $options) use ($handler) { // Requests using "auth"="google_auth" will be authorized. if (!isset($options['auth']) || $options['auth'] !== 'google_auth') { return $handler($request, $options); } $request = $this->addAuthHeaders($request); if ($quotaProject = $this->getQuotaProject()) { $request = $request->withHeader( GetQuotaProjectInterface::X_GOOG_USER_PROJECT_HEADER, $quotaProject ); } return $handler($request, $options); }; } /** * Adds auth related headers to the request. * * @param RequestInterface $request * @return RequestInterface */ private function addAuthHeaders(RequestInterface $request) { if (!$this->fetcher instanceof UpdateMetadataInterface || ($this->fetcher instanceof FetchAuthTokenCache && !$this->fetcher->getFetcher() instanceof UpdateMetadataInterface) ) { $token = $this->fetcher->fetchAuthToken(); $request = $request->withHeader( 'authorization', 'Bearer ' . ($token['access_token'] ?? $token['id_token'] ?? '') ); } else { $headers = $this->fetcher->updateMetadata($request->getHeaders(), null, $this->httpHandler); $request = Utils::modifyRequest($request, ['set_headers' => $headers]); } if ($this->tokenCallback && ($token = $this->fetcher->getLastReceivedToken())) { if (array_key_exists('access_token', $token)) { call_user_func($this->tokenCallback, $this->fetcher->getCacheKey(), $token['access_token']); } } return $request; } /** * @return string|null */ private function getQuotaProject() { if ($this->fetcher instanceof GetQuotaProjectInterface) { return $this->fetcher->getQuotaProject(); } return null; } }