Google_AssertionCredentials

Credentials object used for OAuth 2.0 Signed JWT assertion grants.

Defined (1)

The class is defined in the following location(s).

/google-api-php-client/src/auth/Google_AssertionCredentials.php  
  1. class Google_AssertionCredentials { 
  2.   const MAX_TOKEN_LIFETIME_SECS = 3600; 
  3.  
  4.   public $serviceAccountName; 
  5.   public $scopes; 
  6.   public $privateKey; 
  7.   public $privateKeyPassword; 
  8.   public $assertionType; 
  9.   public $sub; 
  10.   /** 
  11.    * @deprecated 
  12.    * @link http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06 
  13.    */ 
  14.   public $prn; 
  15.  
  16.   /** 
  17.    * @param $serviceAccountName 
  18.    * @param $scopes array List of scopes 
  19.    * @param $privateKey 
  20.    * @param string $privateKeyPassword 
  21.    * @param string $assertionType 
  22.    * @param bool|string $sub The email address of the user for which the 
  23.    *               application is requesting delegated access. 
  24.    */ 
  25.   public function __construct( 
  26.       $serviceAccountName,  
  27.       $scopes,  
  28.       $privateKey,  
  29.       $privateKeyPassword = 'notasecret',  
  30.       $assertionType = 'http://oauth.net/grant_type/jwt/1.0/bearer',  
  31.       $sub = false) { 
  32.     $this->serviceAccountName = $serviceAccountName; 
  33.     $this->scopes = is_string($scopes) ? $scopes : implode(' ', $scopes); 
  34.     $this->privateKey = $privateKey; 
  35.     $this->privateKeyPassword = $privateKeyPassword; 
  36.     $this->assertionType = $assertionType; 
  37.     $this->sub = $sub; 
  38.     $this->prn = $sub; 
  40.  
  41.   public function generateAssertion() { 
  42.     $now = time(); 
  43.  
  44.     $jwtParams = array( 
  45.           'aud' => Google_OAuth2::OAUTH2_TOKEN_URI,  
  46.           'scope' => $this->scopes,  
  47.           'iat' => $now,  
  48.           'exp' => $now + self::MAX_TOKEN_LIFETIME_SECS,  
  49.           'iss' => $this->serviceAccountName,  
  50.  ); 
  51.  
  52.     if ($this->sub !== false) { 
  53.       $jwtParams['sub'] = $this->sub; 
  54.     } else if ($this->prn !== false) { 
  55.       $jwtParams['prn'] = $this->prn; 
  57.  
  58.     return $this->makeSignedJwt($jwtParams); 
  60.  
  61.   /** 
  62.    * Creates a signed JWT. 
  63.    * @param array $payload 
  64.    * @return string The signed JWT. 
  65.    */ 
  66.   private function makeSignedJwt($payload) { 
  67.     $header = array('typ' => 'JWT', 'alg' => 'RS256'); 
  68.  
  69.     $segments = array( 
  70.       Google_Utils::urlSafeB64Encode(json_encode($header)),  
  71.       Google_Utils::urlSafeB64Encode(json_encode($payload)) 
  72.  ); 
  73.  
  74.     $signingInput = implode('.', $segments); 
  75.     $signer = new Google_P12Signer($this->privateKey, $this->privateKeyPassword); 
  76.     $signature = $signer->sign($signingInput); 
  77.     $segments[] = Google_Utils::urlSafeB64Encode($signature); 
  78.  
  79.     return implode(".", $segments);