Reference documentation and code samples for the Google Auth Library Client class OAuth2.
OAuth2 supports authentication by OAuth2 2-legged flows.
It primarily supports
- service account authorization
- authorization where a user already has an access token
Namespace
Google \ Auth
Methods
__construct
Create a new OAuthCredentials.
The configuration array accepts various options
- authorizationUri: The authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.
- tokenCredentialUri: The authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
- clientId: A unique identifier issued to the client to identify itself to the authorization server.
- clientSecret: A shared symmetric secret issued by the authorization server, which is used to authenticate the client.
- scope: The scope of the access request, expressed either as an Array or as a space-delimited String.
- state: An arbitrary string designed to allow the client to maintain state.
- redirectUri: The redirection URI used in the initial request.
- username: The resource owner's username.
- password: The resource owner's password.
- issuer: Issuer ID when using assertion profile.
- audience: Target audience for assertions.
- expiry: Number of seconds assertions are valid for.
- signingKey: Signing key when using assertion profile.
- signingKeyId: Signing key id when using assertion profile.
- refreshToken: The refresh token associated with the access token to be refreshed.
- accessToken: The current access token for this client.
- idToken: The current ID token for this client.
- extensionParams: When using an extension grant type, this is the set of parameters used by that extension.
- codeVerifier: The code verifier for PKCE for OAuth 2.0.
- resource: The target service or resource where the client intends to use the requested security token.
- subjectTokenFetcher: A fetcher for the "subject_token", which is a security token that represents the identity of the party on behalf of whom the request is being made.
- subjectTokenType: An identifier that indicates the type of the security token in the subjectToken parameter.
- actorToken: A security token that represents the identity of the acting party.
- actorTokenType: An identifier for the representation of the issued security token.
config
array
Configuration array
verifyIdToken
Verifies the idToken if present.
- if none is present, return null
- if present, but invalid, raises DomainException.
- otherwise returns the payload in the idToken as a PHP object.
The behavior of this method varies depending on the version of firebase/php-jwt
you are using. In versions 6.0 and above, you cannot
provide multiple $allowed_algs, and instead must provide an array of Key
objects as the $publicKey.
publicKey
string|Firebase\JWT\Key|array<Firebase\JWT\Key>
The public key to use to authenticate the token
allowed_algs
string|string[]
algorithm or array of supported verification algorithms. Providing more than one algorithm will throw an exception.
null|object
toJwt
Obtains the encoded jwt from the instance data.
config
array
array optional configuration parameters
string
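The following is an added example, not part of the library's documentation, that mints a token with toJwt and checks it with verifyIdToken using firebase/php-jwt 6.0+ Key objects, including an array of keys for rotation and the two rejection paths. The HMAC keys, issuer, audience and the `verify()` helper are constructed for illustration; a real ID token is verified against the issuer's published public keys.

```php
<?php
require __DIR__ . '/vendor/autoload.php'; // assumes google/auth with firebase/php-jwt >= 6.0

use Firebase\JWT\Key;
use Google\Auth\OAuth2;

// Constructed HMAC keys so the example is self-contained.
$currentKey = random_bytes(32);
$retiredKey = random_bytes(32);
$audience = 'https://api.example.test'; // constructed audience

// Mint a token using the assertion-profile settings (issuer, audience, signingKey, expiry).
$signer = new OAuth2([
    'issuer' => 'signer@example.test',
    'audience' => $audience,
    'signingKey' => $currentKey,
    'expiry' => 300,
]);
$signer->setSigningAlgorithm('HS256');
$jwt = $signer->toJwt();

// Hypothetical helper: verify $jwt for $audience with one Key or an array of Keys.
function verify(string $jwt, string $audience, $keys): string
{
    $client = new OAuth2(['audience' => $audience]);
    $client->setIdToken($jwt);
    try {
        // No $allowed_algs argument: each Key object carries its own algorithm.
        $payload = $client->verifyIdToken($keys);
        return 'accepted, iss=' . $payload->iss;
    } catch (\Exception $e) {
        return 'rejected: ' . get_class($e);
    }
}

// One Key pins one algorithm to one key.
echo verify($jwt, $audience, new Key($currentKey, 'HS256')), "\n";
// Key rotation: pass several Key objects rather than several algorithms.
echo verify($jwt, $audience, [new Key($retiredKey, 'HS256'), new Key($currentKey, 'HS256')]), "\n";
// Wrong key: the signature check fails.
echo verify($jwt, $audience, new Key($retiredKey, 'HS256')), "\n";
// Right key, wrong audience: the aud claim is compared with getAudience().
echo verify($jwt, 'https://other.example.test', new Key($currentKey, 'HS256')), "\n";
```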
generateCredentialsRequest
Generates a request for token credentials.
httpHandler
callable|null
callback which delivers psr7 request
headers
array
[optional] Additional headers to pass to the token endpoint request.
Psr\Http\Message\RequestInterface
fetchAuthToken
Fetches the auth tokens based on the current state.
httpHandler
callable|null
callback which delivers psr7 request
headers
array
[optional] If present, add these headers to the token endpoint request.
array
getCacheKey
Obtains a key that can be used to cache the results of #fetchAuthToken.
?string
getSubjectTokenFetcher
Gets this instance's SubjectTokenFetcher
null|ExternalAccountCredentialSourceInterface
parseTokenResponse
Parses the fetched tokens.
resp
Psr\Http\Message\ResponseInterface
the response.
array
updateToken
Updates an OAuth 2.0 client.
Example:
$oauth->updateToken([
    'refresh_token' => 'n4E9O119d',
    'access_token' => 'FJQbwq9',
    'expires_in' => 3600
]);
config
array
The configuration parameters related to the token.
- refresh_token: The refresh token associated with the access token to be refreshed.
- access_token: The current access token for this client.
- id_token: The current ID token for this client.
- expires_in: The time in seconds until access token expiration.
- expires_at: The time as an integer number of seconds since the Epoch.
- issued_at: The timestamp that the token was issued at.
void
buildFullAuthorizationUri
Builds the authorization Uri that the user should be redirected to.
config
array
configuration options that customize the return url.
Psr\Http\Message\UriInterface
getCodeVerifier
string|null
setCodeVerifier
codeVerifier
string|null
generateCodeVerifier
Generates a random 128-character string for the "code_verifier" parameter in PKCE for OAuth 2.0. This is a cryptographically random string that is determined using random_int, hashed using "hash" and sha256, and base64 encoded.
When this method is called, the code verifier is set on the object.
string
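The following is an added example, not part of the library's documentation, showing how state and the PKCE code verifier tie the authorization redirect to the later token request, using buildFullAuthorizationUri and generateCredentialsRequest without contacting a server. The endpoints, client ID, `$session` array and `buildTokenRequest()` helper are constructed; it assumes the library sends the RFC 7636 `code_challenge` parameter with the S256 method.

```php
<?php
require __DIR__ . '/vendor/autoload.php'; // assumes google/auth is installed via Composer

use Google\Auth\OAuth2;

// Constructed endpoints and client values; nothing here contacts a server.
$config = [
    'clientId' => 'constructed-client-id',
    'authorizationUri' => 'https://auth.example.test/authorize',
    'tokenCredentialUri' => 'https://auth.example.test/token',
    'redirectUri' => 'https://app.example.test/callback',
    'scope' => ['openid', 'email'],
];

// Leg 1: bind the request to this browser session with state and PKCE.
$oauth = new OAuth2($config + ['state' => bin2hex(random_bytes(16))]);
$session = [ // stands in for server-side session storage
    'state' => $oauth->getState(),
    'verifier' => $oauth->generateCodeVerifier(),
];
$authUri = $oauth->buildFullAuthorizationUri();
parse_str($authUri->getQuery(), $sent);

// RFC 7636 S256: challenge = base64url(sha256(verifier)), unpadded.
$s256 = rtrim(strtr(base64_encode(hash('sha256', $session['verifier'], true)), '+/', '-_'), '=');
printf("challenge matches verifier: %s\n", var_export(hash_equals($s256, $sent['code_challenge'] ?? ''), true));

// Leg 2: the callback. Reject it unless state matches, compared in constant time.
function buildTokenRequest(array $config, array $session, array $callback)
{
    if (!hash_equals($session['state'], (string) ($callback['state'] ?? ''))) {
        throw new RuntimeException('state mismatch: callback does not belong to this session');
    }
    $oauth = new OAuth2($config + ['codeVerifier' => $session['verifier']]);
    $oauth->setCode($callback['code']);
    return $oauth->generateCredentialsRequest(); // PSR-7 request, built but not sent
}

$request = buildTokenRequest($config, $session, ['state' => $session['state'], 'code' => 'constructed-code']);
parse_str((string) $request->getBody(), $body);
printf("grant_type=%s, verifier sent: %s\n", $body['grant_type'], var_export(isset($body['code_verifier']), true));

try {
    buildTokenRequest($config, $session, ['state' => 'forged', 'code' => 'constructed-code']);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```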
setAuthorizationUri
Sets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.
uri
string
void
getAuthorizationUri
Gets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.
?\Psr\Http\Message\UriInterface
getTokenCredentialUri
Gets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
?\Psr\Http\Message\UriInterface
setTokenCredentialUri
Sets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
uri
string
void
getRedirectUri
Gets the redirection URI used in the initial request.
?string
setRedirectUri
Sets the redirection URI used in the initial request.
uri
?string
void
getScope
Gets the scope of the access requests as a space-delimited String.
?string
getSubjectTokenType
Gets the subject token type
?string
setScope
Sets the scope of the access request, expressed either as an Array or as a space-delimited String.
scope
string|string[]|null
void
getGrantType
Gets the current grant type.
?string
setGrantType
Sets the current grant type.
grantType
string
void
getState
Gets an arbitrary string designed to allow the client to maintain state.
string
setState
Sets an arbitrary string designed to allow the client to maintain state.
state
string
void
getCode
Gets the authorization code issued to this client.
string
setCode
Sets the authorization code issued to this client.
code
string
void
getUsername
Gets the resource owner's username.
string
setUsername
Sets the resource owner's username.
username
string
void
getPassword
Gets the resource owner's password.
string
setPassword
Sets the resource owner's password.
password
string
void
getClientId
Gets a unique identifier issued to the client to identify itself to the authorization server.
string
setClientId
Sets a unique identifier issued to the client to identify itself to the authorization server.
clientId
string
void
getClientSecret
Gets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.
string
setClientSecret
Sets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.
clientSecret
string
void
getIssuer
Gets the Issuer ID when using assertion profile.
?string
setIssuer
Sets the Issuer ID when using assertion profile.
issuer
string
void
getSub
Gets the target sub when issuing assertions.
?string
setSub
Sets the target sub when issuing assertions.
sub
string
void
getAudience
Gets the target audience when issuing assertions.
?string
setAudience
Sets the target audience when issuing assertions.
audience
string
void
getSigningKey
Gets the signing key when using an assertion profile.
?string
setSigningKey
Sets the signing key when using an assertion profile.
signingKey
string
void
getSigningKeyId
Gets the signing key id when using an assertion profile.
?string
setSigningKeyId
Sets the signing key id when using an assertion profile.
signingKeyId
string
void
getSigningAlgorithm
Gets the signing algorithm when using an assertion profile.
?string
setSigningAlgorithm
Sets the signing algorithm when using an assertion profile.
signingAlgorithm
?string
void
getExtensionParams
Gets the set of parameters used by extension when using an extension grant type.
array
setExtensionParams
Sets the set of parameters used by extension when using an extension grant type.
extensionParams
array
void
getExpiry
Gets the number of seconds assertions are valid for.
int
setExpiry
Sets the number of seconds assertions are valid for.
expiry
int
void
getExpiresIn
Gets the lifetime of the access token in seconds.
int
setExpiresIn
Sets the lifetime of the access token in seconds.
expiresIn
?int
void
getExpiresAt
Gets the time the current access token expires at.
?int
isExpired
Returns true if the access token has expired.
bool
setExpiresAt
Sets the time the current access token expires at.
expiresAt
int
void
getIssuedAt
Gets the time the current access token was issued at.
?int
setIssuedAt
Sets the time the current access token was issued at.
issuedAt
int
void
getAccessToken
Gets the current access token.
?string
setAccessToken
Sets the current access token.
accessToken
string
void
getIdToken
Gets the current ID token.
?string
setIdToken
Sets the current ID token.
idToken
string
void
getGrantedScope
Get the granted space-separated scopes (if they exist) for the last fetched token.
string|null
setGrantedScope
Sets the granted space-separated scopes for the last fetched token.
grantedScope
string
void
getRefreshToken
Gets the refresh token associated with the current access token.
?string
setRefreshToken
Sets the refresh token associated with the current access token.
refreshToken
string
void
setAdditionalClaims
Sets additional claims to be included in the JWT token
additionalClaims
array
void
getAdditionalClaims
Gets the additional claims to be included in the JWT token.
array
getIssuedTokenType
Gets the issued token type.
?string
getLastReceivedToken
The expiration of the last received token.
array|null
getClientName
Get the client ID.
Alias of OAuth2::getClientId().
httpHandler
callable|null
string
Constants
DEFAULT_EXPIRY_SECONDS
Value: 3600
DEFAULT_SKEW_SECONDS
Value: 60
JWT_URN
Value: 'urn:ietf:params:oauth:grant-type:jwt-bearer'
STS_URN
Value: 'urn:ietf:params:oauth:grant-type:token-exchange'