GoogleGAL_Auth_AssertionCredentials

Credentials object used for OAuth 2.0 Signed JWT assertion grants.

Defined (1)

The class is defined in the following location(s).

/core/Google/Auth/AssertionCredentials.php  
  1. class GoogleGAL_Auth_AssertionCredentials 
  2. const MAX_TOKEN_LIFETIME_SECS = 3600; 
  3.  
  4. public $serviceAccountName; 
  5. public $scopes; 
  6. public $privateKey; 
  7. public $privateKeyPassword; 
  8. public $assertionType; 
  9. public $sub; 
  10. public $signerClass = 'GoogleGAL_Signer_P12'; 
  11. /** 
  12. * @deprecated 
  13. * @link http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06 
  14. */ 
  15. public $prn; 
  16. private $useCache; 
  17.  
  18. /** 
  19. * @param $serviceAccountName 
  20. * @param $scopes array List of scopes 
  21. * @param $privateKey 
  22. * @param string $privateKeyPassword 
  23. * @param string $assertionType 
  24. * @param bool|string $sub The email address of the user for which the 
  25. * application is requesting delegated access. 
  26. * @param bool useCache Whether to generate a cache key and allow 
  27. * automatic caching of the generated token. 
  28. */ 
  29. public function __construct( 
  30. $serviceAccountName,  
  31. $scopes,  
  32. $privateKey,  
  33. $privateKeyPassword = 'notasecret',  
  34. $assertionType = 'http://oauth.net/grant_type/jwt/1.0/bearer',  
  35. $sub = false,  
  36. $useCache = true 
  37. ) { 
  38. $this->serviceAccountName = $serviceAccountName; 
  39. $this->scopes = is_string($scopes) ? $scopes : implode(' ', $scopes); 
  40. $this->privateKey = $privateKey; 
  41. $this->privateKeyPassword = $privateKeyPassword; 
  42. $this->assertionType = $assertionType; 
  43. $this->sub = $sub; 
  44. $this->prn = $sub; 
  45. $this->useCache = $useCache; 
  46.  
  47. public function setSignerClass($signerClass) { 
  48. $this->signerClass = $signerClass; 
  49.  
  50. /** 
  51. * Generate a unique key to represent this credential. 
  52. * @return string 
  53. */ 
  54. public function getCacheKey() 
  55. if (!$this->useCache) { 
  56. return false; 
  57. $h = $this->sub; 
  58. $h .= $this->assertionType; 
  59. $h .= $this->privateKey; 
  60. $h .= $this->scopes; 
  61. $h .= $this->serviceAccountName; 
  62. return md5($h); 
  63.  
  64. public function generateAssertion() 
  65. $now = time(); 
  66.  
  67. $jwtParams = array( 
  68. 'aud' => GoogleGAL_Auth_OAuth2::OAUTH2_TOKEN_URI,  
  69. 'scope' => $this->scopes,  
  70. 'iat' => $now,  
  71. 'exp' => $now + self::MAX_TOKEN_LIFETIME_SECS,  
  72. 'iss' => $this->serviceAccountName,  
  73. ); 
  74.  
  75. if ($this->sub !== false) { 
  76. $jwtParams['sub'] = $this->sub; 
  77. } else if ($this->prn !== false) { 
  78. $jwtParams['prn'] = $this->prn; 
  79.  
  80. return $this->makeSignedJwt($jwtParams); 
  81.  
  82. /** 
  83. * Creates a signed JWT. 
  84. * @param array $payload 
  85. * @return string The signed JWT. 
  86. */ 
  87. private function makeSignedJwt($payload) 
  88. $header = array('typ' => 'JWT', 'alg' => 'RS256'); 
  89.  
  90. $payload = json_encode($payload); 
  91. // Handle some overzealous escaping in PHP json that seemed to cause some errors 
  92. // with claimsets. 
  93. $payload = str_replace('\/', '/', $payload); 
  94.  
  95. $segments = array( 
  96. GoogleGAL_Utils::urlSafeB64Encode(json_encode($header)),  
  97. GoogleGAL_Utils::urlSafeB64Encode($payload) 
  98. ); 
  99.  
  100. $signingInput = implode('.', $segments); 
  101. $signer = new $this->signerClass($this->privateKey, $this->privateKeyPassword); 
  102. $signature = $signer->sign($signingInput); 
  103. $segments[] = GoogleGAL_Utils::urlSafeB64Encode($signature); 
  104.  
  105. return implode(".", $segments);