Console
    Contact Us Start free

    Google Auth Library Client - Class GCECredentials (1.47.0)

    Reference documentation and code samples for the Google Auth Library Client class GCECredentials.

    GCECredentials supports authorization on Google Compute Engine.

    It can be used to authorize requests using the AuthTokenMiddleware, but will only succeed if being run on GCE:

    use Google\Auth\Credentials\GCECredentials; use Google\Auth\Middleware\AuthTokenMiddleware; use GuzzleHttp\Client; use GuzzleHttp\HandlerStack;

    $gce = new GCECredentials(); $middleware = new AuthTokenMiddleware($gce); $stack = HandlerStack::create(); $stack->push($middleware);

    $client = new Client([ 'handler' => $stack, 'base_uri' => ' https://www.googleapis.com/taskqueue/v1beta2/projects/ ', 'auth' => 'google_auth' ]);

    $res = $client->get('myproject/taskqueues/myqueue');

    Namespace

    Google \ Auth \ Credentials

    Methods

    __construct

    Parameters
    Name
    Description
    iam
    Google\Auth\Iam |null

    [optional] An IAM instance.

    scope
    string|string[]

    [optional] the scope of the access request, expressed either as an array or as a space-delimited string.

    targetAudience
    string

    [optional] The audience for the ID token.

    quotaProject
    string

    [optional] Specifies a project to bill for access charges associated with the request.

    serviceAccountIdentity
    string

    [optional] Specify a service account identity name to use instead of "default".

    universeDomain
    string|null

    [optional] Specify a universe domain to use instead of fetching one from the metadata server.

    fetchAuthToken

    Implements FetchAuthTokenInterface#fetchAuthToken.

    Fetches the auth tokens from the GCE metadata host if it is available. If $httpHandler is not specified a the default HttpHandler is used.

    Parameters
    Name
    Description
    httpHandler
    callable|null

    callback which delivers psr7 request

    headers
    array

    [optional] Headers to be inserted into the token endpoint request present.

    Returns
    Type
    Description
    array
    { A set of auth related metadata, based on the token type. @type string $access_token for access tokens @type int $expires_in for access tokens @type string $token_type for access tokens @type string $id_token for ID tokens }

    getCacheKey

    Returns the Cache Key for the credential token.

    The format for the cache key is: TokenURI

    Returns
    Type
    Description
    string

    getLastReceivedToken

    Returns an associative array with the token and expiration time.

    Returns
    Type
    Description
    array|null

    getClientName

    Get the client name from GCE metadata.

    Subsequent calls will return a cached value.

    Parameter
    Name
    Description
    httpHandler
    callable|null

    callback which delivers psr7 request

    Returns
    Type
    Description
    string

    getProjectId

    Fetch the default Project ID from compute engine.

    Returns null if called outside GCE.

    Parameter
    Name
    Description
    httpHandler
    callable|null

    Callback which delivers psr7 request

    Returns
    Type
    Description
    string|null

    getUniverseDomain

    Fetch the default universe domain from the metadata server.

    Parameter
    Name
    Description
    httpHandler
    callable|null

    Callback which delivers psr7 request

    Returns
    Type
    Description
    string

    getQuotaProject

    Get the quota project used for this API request

    Returns
    Type
    Description
    string|null

    setIsOnGce

    Set whether or not we've already checked the GCE environment.

    Parameter
    Name
    Description
    isOnGce
    bool
    Returns
    Type
    Description
    void

    static::getTokenUri

    The full uri for accessing the default token.

    Parameter
    Name
    Description
    serviceAccountIdentity
    string

    [optional] Specify a service account identity name to use instead of "default".

    Returns
    Type
    Description
    string

    static::getClientNameUri

    The full uri for accessing the default service account.

    Parameter
    Name
    Description
    serviceAccountIdentity
    string

    [optional] Specify a service account identity name to use instead of "default".

    Returns
    Type
    Description
    string

    static::onAppEngineFlexible

    Determines if this an App Engine Flexible instance, by accessing the GAE_INSTANCE environment variable.

    Returns
    Type
    Description
    bool
    true if this an App Engine Flexible Instance, false otherwise

    static::onGce

    Determines if this a GCE instance, by accessing the expected metadata host.

    If $httpHandler is not specified a the default HttpHandler is used.

    Parameter
    Name
    Description
    httpHandler
    callable|null

    callback which delivers psr7 request

    Returns
    Type
    Description
    bool
    True if this a GCEInstance, false otherwise

    Constants

    cacheKey

      Value: 'GOOGLE_AUTH_PHP_GCE'

    METADATA_IP

      Value: '169.254.169.254'

    The metadata IP address on appengine instances.

    The IP is used instead of the domain 'metadata' to avoid slow responses when not on Compute Engine.

    TOKEN_URI_PATH

      Value: 'v1/instance/service-accounts/default/token'

    The metadata path of the default token.

    ID_TOKEN_URI_PATH

      Value: 'v1/instance/service-accounts/default/identity'

    The metadata path of the default id token.

    CLIENT_ID_URI_PATH

      Value: 'v1/instance/service-accounts/default/email'

    The metadata path of the client ID.

    PROJECT_ID_URI_PATH

      Value: 'v1/project/project-id'

    The metadata path of the project ID.

    UNIVERSE_DOMAIN_URI_PATH

      Value: 'v1/universe/universe-domain'

    The metadata path of the project ID.

    FLAVOR_HEADER

      Value: 'Metadata-Flavor'

    The header whose presence indicates GCE presence.

    MAX_COMPUTE_PING_TRIES

      Value: 3

    Note: the explicit timeout and tries below is a workaround. The underlying issue is that resolving an unknown host on some networks will take 20-30 seconds; making this timeout short fixes the issue, but could lead to false negatives in the event that we are on GCE, but the metadata resolution was particularly slow. The latter case is "unlikely" since the expected 4-nines time is about 0.5 seconds.

    This allows us to limit the total ping maximum timeout to 1.5 seconds for developer desktop scenarios.

    COMPUTE_PING_CONNECTION_TIMEOUT_S

      Value: 0.5
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: