Google_AssertionCredentials

Credentials object used for OAuth 2.0 Signed JWT assertion grants.

Defined (1)

The class is defined in the following location(s).

/gdwpm-api/auth/Google_AssertionCredentials.php  
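  /**
   * Credentials for the OAuth 2.0 signed-JWT assertion grant.
   *
   * Holds a service account identity, the requested scopes and the key
   * material handed to Google_P12Signer, and builds an RS256-signed JWT
   * assertion from them.
   *
   * Security notes for maintainers:
   * - $privateKey and $privateKeyPassword are public properties, so any code
   *   that holds this object can read them. Avoid serialising, logging or
   *   dumping instances.
   * - The default passphrase 'notasecret' is a fixed string that ships in this
   *   source, so it gives the key no confidentiality. Protect the key
   *   material through storage and file permissions instead.
   * - When $sub is set the assertion asks to act for that user; callers should
   *   not take $sub from untrusted input.
   */
  class Google_AssertionCredentials {
    /** Lifetime, in seconds, claimed by each assertion (exp = iat + this). */
    const MAX_TOKEN_LIFETIME_SECS = 3600;

    /** Value used as the JWT "iss" claim. */
    public $serviceAccountName;
    /** Space-separated scope string, normalised by the constructor. */
    public $scopes;
    /** Key material passed as-is to Google_P12Signer. Treat as a secret. */
    public $privateKey;
    /** Passphrase passed as-is to Google_P12Signer. */
    public $privateKeyPassword;
    /** Grant-type identifier; stored here, not used when building the JWT. */
    public $assertionType;
    /** User to request delegated access for, or false for none. */
    public $sub;
    /**
     * Older name for $sub; the constructor always sets it to the same value.
     *
     * @deprecated
     * @link http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06
     */
    public $prn;

    /**
     * @param $serviceAccountName
     * @param $scopes array List of scopes; a string is stored unchanged, an
     *     array is joined with single spaces.
     * @param $privateKey
     * @param string $privateKeyPassword
     * @param string $assertionType
     * @param bool|string $sub The email address of the user for which the
     *     application is requesting delegated access.
     */
    public function __construct(
        $serviceAccountName,
        $scopes,
        $privateKey,
        $privateKeyPassword = 'notasecret',
        $assertionType = 'http://oauth.net/grant_type/jwt/1.0/bearer',
        $sub = false) {
      $this->serviceAccountName = $serviceAccountName;
      $this->scopes = is_string($scopes) ? $scopes : implode(' ', $scopes);
      $this->privateKey = $privateKey;
      $this->privateKeyPassword = $privateKeyPassword;
      $this->assertionType = $assertionType;
      $this->sub = $sub;
      // Keep the deprecated alias in step with $sub.
      $this->prn = $sub;
    }

    /**
     * Builds the claim set and returns it as a signed JWT.
     *
     * The claims are aud, scope, iat, exp and iss, plus "sub" when $sub is
     * not false, or otherwise "prn" when $prn is not false.
     *
     * @return string The signed JWT.
     * @throws RuntimeException If a JWT segment cannot be JSON-encoded.
     */
    public function generateAssertion() {
      // iat/exp come from the local clock.
      // NOTE(review): presumably the token endpoint validates both, so clock
      // skew on this host could get assertions rejected. Confirm.
      $now = time();

      $jwtParams = array(
        'aud' => Google_OAuth2::OAUTH2_TOKEN_URI,
        'scope' => $this->scopes,
        'iat' => $now,
        'exp' => $now + self::MAX_TOKEN_LIFETIME_SECS,
        'iss' => $this->serviceAccountName,
      );

      // Only one of the two subject claims is ever emitted; "sub" wins.
      if ($this->sub !== false) {
        $jwtParams['sub'] = $this->sub;
      } else if ($this->prn !== false) {
        $jwtParams['prn'] = $this->prn;
      }

      return $this->makeSignedJwt($jwtParams);
    }

    /**
     * Creates a signed JWT.
     *
     * @param array $payload
     * @return string The signed JWT.
     * @throws RuntimeException If the header or payload cannot be JSON-encoded.
     */
    private function makeSignedJwt($payload) {
      $header = array('typ' => 'JWT', 'alg' => 'RS256');

      $segments = array(
        $this->encodeSegment($header),
        $this->encodeSegment($payload)
      );

      // The signature covers "<header>.<payload>" exactly as transmitted.
      $signingInput = implode('.', $segments);
      $signer = new Google_P12Signer($this->privateKey, $this->privateKeyPassword);
      $signature = $signer->sign($signingInput);
      $segments[] = Google_Utils::urlSafeB64Encode($signature);

      return implode(".", $segments);
    }

    /**
     * JSON-encodes one JWT segment and returns it URL-safe base64 encoded.
     *
     * json_encode() returns false on failure (for example invalid UTF-8 in a
     * claim). Without this check the false would be encoded as an empty
     * segment and signed, yielding a malformed assertion. Fail here instead.
     * The message leaves out the claim values on purpose.
     *
     * @param array $data
     * @return string
     * @throws RuntimeException If $data cannot be JSON-encoded.
     */
    private function encodeSegment($data) {
      $json = json_encode($data);
      if ($json === false) {
        throw new RuntimeException(
            'Unable to JSON-encode JWT segment (json_last_error='
            . json_last_error() . ')');
      }
      return Google_Utils::urlSafeB64Encode($json);
    }
  }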