109 lines
3.4 KiB
PHP
109 lines
3.4 KiB
PHP
<?php
|
|
/*
|
|
* Copyright 2023 Google Inc.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
namespace Google\Auth\CredentialSource;
|
|
|
|
use Google\Auth\ExternalAccountCredentialSourceInterface;
|
|
use Google\Auth\HttpHandler\HttpClientCache;
|
|
use Google\Auth\HttpHandler\HttpHandlerFactory;
|
|
use GuzzleHttp\Psr7\Request;
|
|
use InvalidArgumentException;
|
|
use UnexpectedValueException;
|
|
|
|
/**
|
|
* Retrieve a token from a URL.
|
|
*/
|
|
class UrlSource implements ExternalAccountCredentialSourceInterface
|
|
{
|
|
private string $url;
|
|
private ?string $format;
|
|
private ?string $subjectTokenFieldName;
|
|
|
|
/**
|
|
* @var array<string, string|string[]>
|
|
*/
|
|
private ?array $headers;
|
|
|
|
/**
|
|
* @param string $url The URL to fetch the subject token from.
|
|
* @param string|null $format The format of the token in the response. Can be null or "json".
|
|
* @param string|null $subjectTokenFieldName The name of the field containing the token in the response. This is required
|
|
* when format is "json".
|
|
* @param array<string, string|string[]>|null $headers Request headers to send in with the request to the URL.
|
|
*/
|
|
public function __construct(
|
|
string $url,
|
|
?string $format = null,
|
|
?string $subjectTokenFieldName = null,
|
|
?array $headers = null
|
|
) {
|
|
$this->url = $url;
|
|
|
|
if ($format === 'json' && is_null($subjectTokenFieldName)) {
|
|
throw new InvalidArgumentException(
|
|
'subject_token_field_name must be set when format is JSON'
|
|
);
|
|
}
|
|
|
|
$this->format = $format;
|
|
$this->subjectTokenFieldName = $subjectTokenFieldName;
|
|
$this->headers = $headers;
|
|
}
|
|
|
|
public function fetchSubjectToken(?callable $httpHandler = null): string
|
|
{
|
|
if (is_null($httpHandler)) {
|
|
$httpHandler = HttpHandlerFactory::build(HttpClientCache::getHttpClient());
|
|
}
|
|
|
|
$request = new Request(
|
|
'GET',
|
|
$this->url,
|
|
$this->headers ?: []
|
|
);
|
|
|
|
$response = $httpHandler($request);
|
|
$body = (string) $response->getBody();
|
|
if ($this->format === 'json') {
|
|
if (!$json = json_decode((string) $body, true)) {
|
|
throw new UnexpectedValueException(
|
|
'Unable to decode JSON response'
|
|
);
|
|
}
|
|
if (!isset($json[$this->subjectTokenFieldName])) {
|
|
throw new UnexpectedValueException(
|
|
'subject_token_field_name not found in JSON file'
|
|
);
|
|
}
|
|
$body = $json[$this->subjectTokenFieldName];
|
|
}
|
|
|
|
return $body;
|
|
}
|
|
|
|
/**
|
|
* Get the cache key for the credentials.
|
|
* The format for the cache key is:
|
|
* URL
|
|
*
|
|
* @return ?string
|
|
*/
|
|
public function getCacheKey(): ?string
|
|
{
|
|
return $this->url;
|
|
}
|
|
}
|