Google_Auth_AssertionCredentials

Credentials object used for OAuth 2.0 Signed JWT assertion grants.

Defined (1)

The class is defined in the following location(s).

/src/Google/Auth/AssertionCredentials.php  
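  /**
   * Credentials object used for OAuth 2.0 Signed JWT assertion grants.
   *
   * Security notes for maintainers:
   *  - $privateKey and $privateKeyPassword are public properties, so any code
   *    holding a reference to this object can read them. Avoid dumping,
   *    logging or serializing instances.
   *  - Every assertion is signed with a fixed lifetime of
   *    MAX_TOKEN_LIFETIME_SECS seconds (see generateAssertion()).
   */
  class Google_Auth_AssertionCredentials
  {
      /** Seconds added to 'iat' to form the 'exp' claim of each assertion. */
      const MAX_TOKEN_LIFETIME_SECS = 3600;

      /** Value placed in the 'iss' claim. */
      public $serviceAccountName;

      /** Space-separated scope string (normalised by the constructor). */
      public $scopes;

      /** Key material handed to Google_Signer_P12; treat as a secret. */
      public $privateKey;

      /** Passphrase handed to Google_Signer_P12 together with $privateKey. */
      public $privateKeyPassword;

      /** Assertion (grant) type; not used when building the JWT itself. */
      public $assertionType;

      /** Value placed in the 'sub' claim, or false to omit the claim. */
      public $sub;

      /**
       * @deprecated
       * @link http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06
       */
      public $prn;

      /** Whether getCacheKey() returns a key (true) or false. */
      private $useCache;

      /**
       * @param $serviceAccountName
       * @param $scopes array List of scopes; a string is stored unchanged,
       * an array is joined with single spaces.
       * @param $privateKey
       * @param string $privateKeyPassword Passphrase for $privateKey. The
       * default is a fixed string that is visible in this source, so it gives
       * the key no confidentiality; protect the key material itself.
       * @param string $assertionType
       * @param bool|string $sub The email address of the user for which the
       * application is requesting delegated access.
       * @param bool $useCache Whether to generate a cache key and allow
       * automatic caching of the generated token.
       */
      public function __construct(
          $serviceAccountName,
          $scopes,
          $privateKey,
          $privateKeyPassword = 'notasecret',
          $assertionType = 'http://oauth.net/grant_type/jwt/1.0/bearer',
          $sub = false,
          $useCache = true
      ) {
          $this->serviceAccountName = $serviceAccountName;
          $this->scopes = is_string($scopes) ? $scopes : implode(' ', $scopes);
          $this->privateKey = $privateKey;
          $this->privateKeyPassword = $privateKeyPassword;
          $this->assertionType = $assertionType;
          $this->sub = $sub;
          // The deprecated 'prn' mirrors 'sub' so that both start out identical.
          $this->prn = $sub;
          $this->useCache = $useCache;
      }

      /**
       * Generate a unique key to represent this credential.
       *
       * The key is a SHA-256 digest over the subject, assertion type, private
       * key, scopes and service account name. Each field is length-prefixed
       * before hashing so that adjacent values cannot run together: plain
       * concatenation would give ('ab', 'c') and ('a', 'bc') the same key, and
       * two different credentials would then presumably share one cached token.
       *
       * @return string|false Hex digest, or false when caching is disabled.
       */
      public function getCacheKey()
      {
          if (!$this->useCache) {
              return false;
          }

          $fields = array(
              $this->sub,
              $this->assertionType,
              $this->privateKey,
              $this->scopes,
              $this->serviceAccountName,
          );

          $material = '';
          foreach ($fields as $field) {
              // A false $sub becomes the empty string, as it did under plain
              // string concatenation.
              $field = (string) $field;
              $material .= strlen($field) . ':' . $field;
          }

          return hash('sha256', $material);
      }

      /**
       * Builds the JWT claim set for this credential and returns it signed.
       *
       * Claims: 'aud' (the OAuth 2.0 token URI), 'scope', 'iat' (current time),
       * 'exp' (iat + MAX_TOKEN_LIFETIME_SECS) and 'iss' (service account name).
       * 'sub' is added when set; the deprecated 'prn' is used only when 'sub'
       * is false and $prn was assigned separately after construction.
       *
       * @return string The signed JWT.
       */
      public function generateAssertion()
      {
          $now = time();

          $jwtParams = array(
              'aud' => Google_Auth_OAuth2::OAUTH2_TOKEN_URI,
              'scope' => $this->scopes,
              'iat' => $now,
              'exp' => $now + self::MAX_TOKEN_LIFETIME_SECS,
              'iss' => $this->serviceAccountName,
          );

          if ($this->sub !== false) {
              $jwtParams['sub'] = $this->sub;
          } elseif ($this->prn !== false) {
              $jwtParams['prn'] = $this->prn;
          }

          return $this->makeSignedJwt($jwtParams);
      }

      /**
       * Creates a signed JWT.
       *
       * The result is three dot-separated, URL-safe base64 segments: header,
       * payload and signature. The signature is computed over the first two.
       *
       * @param array $payload
       * @return string The signed JWT.
       */
      private function makeSignedJwt($payload)
      {
          // The header always advertises RS256.
          // NOTE(review): presumably Google_Signer_P12 signs with RSA-SHA256 to
          // match — confirm against the signer.
          $header = array('typ' => 'JWT', 'alg' => 'RS256');

          // NOTE(review): json_encode() returns false for unencodable input
          // (e.g. invalid UTF-8 in a claim); that case is not checked here and
          // would lead to an empty payload segment being signed.
          $payload = json_encode($payload);
          // Handle some overzealous escaping in PHP json that seemed to cause some errors
          // with claimsets.
          $payload = str_replace('\/', '/', $payload);

          $segments = array(
              Google_Utils::urlSafeB64Encode(json_encode($header)),
              Google_Utils::urlSafeB64Encode($payload)
          );

          $signingInput = implode('.', $segments);
          $signer = new Google_Signer_P12($this->privateKey, $this->privateKeyPassword);
          $signature = $signer->sign($signingInput);
          $segments[] = Google_Utils::urlSafeB64Encode($signature);

          return implode(".", $segments);
      }
  }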