Reference documentation and code samples for the Google Auth Library Client class ServiceAccountCredentials.
ServiceAccountCredentials supports authorization using a Google service account.
(cf https://developers.google.com/accounts/docs/OAuth2ServiceAccount )
It's initialized using the json key file that's downloadable from developer console, which should contain a private_key and client_email fields that it uses.
Use it with AuthTokenMiddleware to authorize http requests:
use Google\Auth\Credentials\ServiceAccountCredentials; use Google\Auth\Middleware\AuthTokenMiddleware; use GuzzleHttp\Client; use GuzzleHttp\HandlerStack;
$sa = new ServiceAccountCredentials( ' https://www.googleapis.com/auth/taskqueue ', '/path/to/your/json/key_file.json' ); $middleware = new AuthTokenMiddleware($sa); $stack = HandlerStack::create(); $stack->push($middleware);
$client = new Client([ 'handler' => $stack, 'base_uri' => ' https://www.googleapis.com/taskqueue/v1beta2/projects/ ', 'auth' => 'google_auth' // authorize all requests ]);
$res = $client->get('myproject/taskqueues/myqueue');
Namespace
Google \ Auth \ CredentialsMethods
__construct
Create a new ServiceAccountCredentials.
scope
string|string[]|null
the scope of the access request, expressed either as an Array or as a space-delimited String.
jsonKey
string|array
JSON credential file path or JSON credentials as an associative array
sub
string
an email address account to impersonate, in situations when the service account has been delegated domain wide access.
targetAudience
string
The audience for the ID token.
useJwtAccessWithScope
When called, the ServiceAccountCredentials will use an instance of ServiceAccountJwtAccessCredentials to fetch (self-sign) an access token even when only scopes are supplied. Otherwise, ServiceAccountJwtAccessCredentials is only called when no scopes and an authUrl (audience) is suppled.
void
fetchAuthToken
Fetches the auth tokens based on the current state.
httpHandler
callable|null
headers
array
[optional] Headers to be inserted into the token endpoint request present.
array
getCacheKey
Return the Cache Key for the credentials.
For the cache key format is one of the following: ClientEmail.Scope[.Sub] ClientEmail.Audience[.Sub]
string
getLastReceivedToken
Returns an associative array with the token and expiration time.
array
getProjectId
Get the project ID from the service account keyfile.
Returns null if the project ID does not exist in the keyfile.
httpHandler
callable|null
Not used by this credentials type.
string|null
updateMetadata
Updates metadata with the authorization token.
metadata
array
metadata hashmap
authUri
string
optional auth uri
httpHandler
callable|null
callback which delivers psr7 request
array
setSub
sub
string
an email address account to impersonate, in situations when the service account has been delegated domain wide access.
void
getClientName
Get the client name from the keyfile.
In this case, it returns the keyfile's client_email key.
httpHandler
callable|null
Not used by this credentials type.
string
getPrivateKey
Get the private key from the keyfile.
In this case, it returns the keyfile's private_key key, needed for JWT signing.
string
getQuotaProject
Get the quota project used for this API request
string|null
getUniverseDomain
Get the universe domain configured in the JSON credential.
string
