PluginProbe ʕ •ᴥ•ʔ
Booking for Appointments and Events Calendar – Amelia / trunk
Booking for Appointments and Events Calendar – Amelia vtrunk
2.4.4 2.4.3 2.4.2 2.4.1 2.4 trunk 1.2.1 1.2.10 1.2.11 1.2.12 1.2.13 1.2.14 1.2.15 1.2.16 1.2.17 1.2.18 1.2.19 1.2.2 1.2.20 1.2.21 1.2.22 1.2.23 1.2.24 1.2.25 1.2.26 1.2.27 1.2.28 1.2.29 1.2.3 1.2.30 1.2.31 1.2.32 1.2.33 1.2.34 1.2.35 1.2.36 1.2.37 1.2.38 1.2.4 1.2.5 1.2.6 1.2.7 1.2.8 1.2.9 2.0 2.0.1 2.0.2 2.1 2.1.1 2.1.2 2.1.3 2.2 2.2.1 2.3
ameliabooking / vendor / google / auth / src / Credentials / ServiceAccountJwtAccessCredentials.php
ameliabooking / vendor / google / auth / src / Credentials Last commit date
AppIdentityCredentials.php 6 months ago ExternalAccountCredentials.php 6 months ago GCECredentials.php 6 months ago IAMCredentials.php 6 months ago ImpersonatedServiceAccountCredentials.php 6 months ago InsecureCredentials.php 6 months ago ServiceAccountCredentials.php 6 months ago ServiceAccountJwtAccessCredentials.php 6 months ago UserRefreshCredentials.php 6 months ago
ServiceAccountJwtAccessCredentials.php
213 lines
1 <?php
2 /*
3 * Copyright 2015 Google Inc.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18 namespace AmeliaVendor\Google\Auth\Credentials;
19
20 use AmeliaVendor\Google\Auth\CredentialsLoader;
21 use AmeliaVendor\Google\Auth\GetQuotaProjectInterface;
22 use AmeliaVendor\Google\Auth\OAuth2;
23 use AmeliaVendor\Google\Auth\ProjectIdProviderInterface;
24 use AmeliaVendor\Google\Auth\ServiceAccountSignerTrait;
25 use AmeliaVendor\Google\Auth\SignBlobInterface;
26
27 /**
28 * Authenticates requests using Google's Service Account credentials via
29 * JWT Access.
30 *
31 * This class allows authorizing requests for service accounts directly
32 * from credentials from a json key file downloaded from the developer
33 * console (via 'Generate new Json Key'). It is not part of any OAuth2
34 * flow, rather it creates a JWT and sends that as a credential.
35 */
36 class ServiceAccountJwtAccessCredentials extends CredentialsLoader implements
37 GetQuotaProjectInterface,
38 SignBlobInterface,
39 ProjectIdProviderInterface
40 {
41 use ServiceAccountSignerTrait;
42
43 /**
44 * The OAuth2 instance used to conduct authorization.
45 *
46 * @var OAuth2
47 */
48 protected $auth;
49
50 /**
51 * The quota project associated with the JSON credentials
52 *
53 * @var string
54 */
55 protected $quotaProject;
56
57 /**
58 * @var string
59 */
60 public $projectId;
61
62 /**
63 * Create a new ServiceAccountJwtAccessCredentials.
64 *
65 * @param string|array<mixed> $jsonKey JSON credential file path or JSON credentials
66 * as an associative array
67 * @param string|string[] $scope the scope of the access request, expressed
68 * either as an Array or as a space-delimited String.
69 */
70 public function __construct($jsonKey, $scope = null)
71 {
72 if (is_string($jsonKey)) {
73 if (!file_exists($jsonKey)) {
74 throw new \InvalidArgumentException('file does not exist');
75 }
76 $jsonKeyStream = file_get_contents($jsonKey);
77 if (!$jsonKey = json_decode((string) $jsonKeyStream, true)) {
78 throw new \LogicException('invalid json for auth config');
79 }
80 }
81 if (!array_key_exists('client_email', $jsonKey)) {
82 throw new \InvalidArgumentException(
83 'json key is missing the client_email field'
84 );
85 }
86 if (!array_key_exists('private_key', $jsonKey)) {
87 throw new \InvalidArgumentException(
88 'json key is missing the private_key field'
89 );
90 }
91 if (array_key_exists('quota_project_id', $jsonKey)) {
92 $this->quotaProject = (string) $jsonKey['quota_project_id'];
93 }
94 $this->auth = new OAuth2([
95 'issuer' => $jsonKey['client_email'],
96 'sub' => $jsonKey['client_email'],
97 'signingAlgorithm' => 'RS256',
98 'signingKey' => $jsonKey['private_key'],
99 'scope' => $scope,
100 ]);
101
102 $this->projectId = $jsonKey['project_id'] ?? null;
103 }
104
105 /**
106 * Updates metadata with the authorization token.
107 *
108 * @param array<mixed> $metadata metadata hashmap
109 * @param string $authUri optional auth uri
110 * @param callable $httpHandler callback which delivers psr7 request
111 * @return array<mixed> updated metadata hashmap
112 */
113 public function updateMetadata(
114 $metadata,
115 $authUri = null,
116 ?callable $httpHandler = null
117 ) {
118 $scope = $this->auth->getScope();
119 if (empty($authUri) && empty($scope)) {
120 return $metadata;
121 }
122
123 $this->auth->setAudience($authUri);
124
125 return parent::updateMetadata($metadata, $authUri, $httpHandler);
126 }
127
128 /**
129 * Implements FetchAuthTokenInterface#fetchAuthToken.
130 *
131 * @param callable $httpHandler
132 *
133 * @return null|array{access_token:string} A set of auth related metadata
134 */
135 public function fetchAuthToken(?callable $httpHandler = null)
136 {
137 $audience = $this->auth->getAudience();
138 $scope = $this->auth->getScope();
139 if (empty($audience) && empty($scope)) {
140 return null;
141 }
142
143 if (!empty($audience) && !empty($scope)) {
144 throw new \UnexpectedValueException(
145 'Cannot sign both audience and scope in JwtAccess'
146 );
147 }
148
149 $access_token = $this->auth->toJwt();
150
151 // Set the self-signed access token in OAuth2 for getLastReceivedToken
152 $this->auth->setAccessToken($access_token);
153
154 return [
155 'access_token' => $access_token,
156 'expires_in' => $this->auth->getExpiry(),
157 'token_type' => 'Bearer'
158 ];
159 }
160
161 /**
162 * @return string
163 */
164 public function getCacheKey()
165 {
166 return $this->auth->getCacheKey();
167 }
168
169 /**
170 * @return array<mixed>
171 */
172 public function getLastReceivedToken()
173 {
174 return $this->auth->getLastReceivedToken();
175 }
176
177 /**
178 * Get the project ID from the service account keyfile.
179 *
180 * Returns null if the project ID does not exist in the keyfile.
181 *
182 * @param callable $httpHandler Not used by this credentials type.
183 * @return string|null
184 */
185 public function getProjectId(?callable $httpHandler = null)
186 {
187 return $this->projectId;
188 }
189
190 /**
191 * Get the client name from the keyfile.
192 *
193 * In this case, it returns the keyfile's client_email key.
194 *
195 * @param callable $httpHandler Not used by this credentials type.
196 * @return string
197 */
198 public function getClientName(?callable $httpHandler = null)
199 {
200 return $this->auth->getIssuer();
201 }
202
203 /**
204 * Get the quota project used for this API request
205 *
206 * @return string|null
207 */
208 public function getQuotaProject()
209 {
210 return $this->quotaProject;
211 }
212 }
213