开源软件名称(OpenSource Name):googleapis/google-auth-library-php开源软件地址(OpenSource Url):https://github.com/googleapis/google-auth-library-php开源编程语言(OpenSource Language):PHP 100.0%开源软件介绍(OpenSource Introduction):Google Auth Library for PHP
DescriptionThis is Google's officially supported PHP client library for using OAuth 2.0 authorization and authentication with Google APIs. Installing via ComposerThe recommended way to install the google auth library is through Composer. # Install Composer
curl -sS https://getcomposer.org/installer | php Next, run the Composer command to install the latest stable version: composer.phar require google/auth Application Default CredentialsThis library provides an implementation of application default credentials for PHP. The Application Default Credentials provide a simple way to get authorization credentials for use in calling Google APIs. They are best suited for cases when the call needs to have the same identity and authorization level for the application independent of the user. This is the recommended approach to authorize calls to Cloud APIs, particularly when you're building an application that uses Google Compute Engine. Download your Service Account Credentials JSON fileTo use
Once downloaded, store the path to this file in the
putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/credentials.json');
Enable the API you want to useBefore making your API call, you must be sure the API you're calling has been
enabled. Go to APIs & Auth > APIs in the
Google Developers Console and enable the APIs you'd like to
call. For the example below, you must enable the Call the APIsAs long as you update the environment variable below to point to your JSON credentials file, the following code should output a list of your Drive files. use Google\Auth\ApplicationDefaultCredentials;
use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;
// specify the path to your application credentials
putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/credentials.json');
// define the scopes for your API call
$scopes = ['https://www.googleapis.com/auth/drive.readonly'];
// create middleware
$middleware = ApplicationDefaultCredentials::getMiddleware($scopes);
$stack = HandlerStack::create();
$stack->push($middleware);
// create the HTTP client
$client = new Client([
'handler' => $stack,
'base_uri' => 'https://www.googleapis.com',
'auth' => 'google_auth' // authorize all requests
]);
// make the request
$response = $client->get('drive/v2/files');
// show the result!
print_r((string) $response->getBody()); Guzzle 5 CompatibilityIf you are using Guzzle 5, replace the // create the HTTP client
$client = new Client([
'base_url' => 'https://www.googleapis.com',
'auth' => 'google_auth' // authorize all requests
]);
// create subscriber
$subscriber = ApplicationDefaultCredentials::getSubscriber($scopes);
$client->getEmitter()->attach($subscriber); Call using an ID TokenIf your application is running behind Cloud Run, or using Cloud Identity-Aware
Proxy (IAP), you will need to fetch an ID token to access your application. For
this, use the static method use Google\Auth\ApplicationDefaultCredentials;
use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;
// specify the path to your application credentials
putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/credentials.json');
// Provide the ID token audience. This can be a Client ID associated with an IAP application,
// Or the URL associated with a CloudRun App
// $targetAudience = 'IAP_CLIENT_ID.apps.googleusercontent.com';
// $targetAudience = 'https://service-1234-uc.a.run.app';
$targetAudience = 'YOUR_ID_TOKEN_AUDIENCE';
// create middleware
$middleware = ApplicationDefaultCredentials::getIdTokenMiddleware($targetAudience);
$stack = HandlerStack::create();
$stack->push($middleware);
// create the HTTP client
$client = new Client([
'handler' => $stack,
'auth' => 'google_auth',
// Cloud Run, IAP, or custom resource URL
'base_uri' => 'https://YOUR_PROTECTED_RESOURCE',
]);
// make the request
$response = $client->get('/');
// show the result!
print_r((string) $response->getBody()); For invoking Cloud Run services, your service account will need the
For invoking Cloud Identity-Aware Proxy, you will need to pass the Client ID used when you set up your protected resource as the target audience. See how to secure your IAP app with signed headers. Call using a specific JSON keyIf you want to use a specific JSON key instead of using use Google\Auth\CredentialsLoader;
use Google\Auth\Middleware\AuthTokenMiddleware;
use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;
// Define the Google Application Credentials array
$jsonKey = ['key' => 'value'];
// define the scopes for your API call
$scopes = ['https://www.googleapis.com/auth/drive.readonly'];
// Load credentials
$creds = CredentialsLoader::makeCredentials($scopes, $jsonKey);
// optional caching
// $creds = new FetchAuthTokenCache($creds, $cacheConfig, $cache);
// create middleware
$middleware = new AuthTokenMiddleware($creds);
$stack = HandlerStack::create();
$stack->push($middleware);
// create the HTTP client
$client = new Client([
'handler' => $stack,
'base_uri' => 'https://www.googleapis.com',
'auth' => 'google_auth' // authorize all requests
]);
// make the request
$response = $client->get('drive/v2/files');
// show the result!
print_r((string) $response->getBody()); Call using Proxy-Authorization HeaderIf your application is behind a proxy such as Google Cloud IAP,
and your application occupies the use Google\Auth\ApplicationDefaultCredentials;
use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;
// specify the path to your application credentials
putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/credentials.json');
// Provide the ID token audience. This can be a Client ID associated with an IAP application
// $targetAudience = 'IAP_CLIENT_ID.apps.googleusercontent.com';
$targetAudience = 'YOUR_ID_TOKEN_AUDIENCE';
// create middleware
$middleware = ApplicationDefaultCredentials::getProxyIdTokenMiddleware($targetAudience);
$stack = HandlerStack::create();
$stack->push($middleware);
// create the HTTP client
$client = new Client([
'handler' => $stack,
'auth' => ['username', 'pass'], // auth option handled by your application
'proxy_auth' => 'google_auth',
]);
// make the request
$response = $client->get('/');
// show the result!
print_r((string) $response->getBody()); Verifying JWTsIf you are using Google ID tokens to authenticate users, use
the use Google\Auth\AccessToken;
$auth = new AccessToken();
$auth->verify($idToken); If your app is running behind Google Identity-Aware Proxy (IAP), you can verify the ID token coming from the IAP server by pointing to the appropriate certificate URL for IAP. This is because IAP signs the ID tokens with a different key than the Google Identity service: use Google\Auth\AccessToken;
$auth = new AccessToken();
$auth->verify($idToken, [
'certsLocation' => AccessToken::IAP_CERT_URL
]); LicenseThis library is licensed under Apache 2.0. Full license text is available in COPYING. ContributingSee CONTRIBUTING. SupportPlease report bugs at the project on Github. Don't hesitate to ask questions about the client or APIs on StackOverflow. |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论