-
Notifications
You must be signed in to change notification settings - Fork 0
/
AuthorizedUserCredentials.php
108 lines (80 loc) · 3.31 KB
/
AuthorizedUserCredentials.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
<?php declare(strict_types=1);
namespace ericnorris\GCPAuthContrib\Credentials;
use GuzzleHttp\ClientInterface;
use ericnorris\GCPAuthContrib\Contracts\Credentials;
use ericnorris\GCPAuthContrib\Internal\Credentials\OAuth2Credentials;
use ericnorris\GCPAuthContrib\Response\GenerateSignatureResponse;
class AuthorizedUserCredentials extends OAuth2Credentials implements Credentials {
const REFRESH_TOKEN_GRANT_TYPE = "refresh_token";
/** @var string */
private $clientId;
/** @var string */
private $clientSecret;
/** @var string */
private $refreshToken;
/** @var ?string */
private $quotaProject;
public function __construct(ClientInterface $httpClient, array $credentials) {
parent::__construct($httpClient);
if (!self::isAuthorizedUserCredentials($credentials)) {
throw new \InvalidArgumentException("Argument does not appear to be OAuth2 credentials");
}
$this->clientId = (string)($credentials["client_id"] ?? "");
$this->clientSecret = (string)($credentials["client_secret"] ?? "");
$this->refreshToken = (string)($credentials["refresh_token"] ?? "");
$this->quotaProject = isset($credentials["quota_project_id"]) ? (string)$credentials["quota_project_id"] : null;
if (empty($this->clientId)) {
throw new \InvalidArgumentException("OAuth2 credentials has missing or empty 'client_id' field");
}
if (empty($this->clientSecret)) {
throw new \InvalidArgumentException("OAuth2 credentials has missing or empty 'client_secret' field");
}
if (empty($this->refreshToken)) {
throw new \InvalidArgumentException("OAuth2 credentials has missing or empty 'refresh_token' field");
}
}
public static function isAuthorizedUserCredentials(array $credentials): bool {
return ($credentials["type"] ?? "") === "authorized_user";
}
/**
* Not supported.
*/
public function fetchProjectID(): string {
throw new \BadMethodCallException(__CLASS__ . " does not support " . __FUNCTION__);
}
/**
* Not supported.
*/
public function fetchServiceAccountEmail(): string {
throw new \BadMethodCallException(__CLASS__ . " does not support " . __FUNCTION__);
}
/**
* Not supported.
*/
public function generateSignature(string $toSign): GenerateSignatureResponse {
throw new \BadMethodCallException(__CLASS__ . " does not support " . __FUNCTION__);
}
/**
* Returns true if this class supports the given capability.
*/
public function supportsCapability(string $capability): bool {
switch ($capability) {
case Credentials::CAN_FETCH_PROJECT_ID:
return false;
case Credentials::CAN_FETCH_SERVICE_ACCOUNT_EMAIL:
return false;
case Credentials::CAN_GENERATE_SIGNATURE:
return false;
}
}
protected function getOAuth2GrantType(): string {
return self::REFRESH_TOKEN_GRANT_TYPE;
}
protected function assertClaims(array $claims): array {
return array_merge([
"client_id" => $this->clientId,
"client_secret" => $this->clientSecret,
"refresh_token" => $this->refreshToken,
], $claims);
}
}