You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Similar to useApplicationDefaultCredentials, we should look into enabling Self Signed JWTs by default. Right now this is possible, but only by providing custom credentials, e.g:
useGoogle\Auth\ApplicationDefaultCredentials;
useGoogle\Auth\Credentials\ServiceAccountCredentials;
useGoogle\Client;
// use Application Default Credentials (e.g. the GOOGLE_APPLICATION_CREDENTIALS environment variable)$credentials = ApplicationDefaultCredentials::makeCredentials();
if ($credentialsinstanceof ServiceAccountCredentials) {
// ensure that Service Account Credentials use Self-Signed JWT instead // of making an HTTP request to the OAuth2 server$credentials->useJwtAccessWithScope();
}
$client = newClient(['credentials' => $credentials]);
The reason that Self-Signed JWT is not default behavior for this library is simply because there are so many APIs (more than 300) that we cannot be confident they will all work as expected with JWTs.
We can at the very least add a feature for a flag or function that enables the SSJWTs, so that you don't need to manually create them as shown above. Something like this, for instance:
// in the constructor$client = newGoogle\Client(['use_self_signed_jwt' => true]);
// in a method$client->useSelfSignedJwt(true);
This would essentially just call useJwtAccessWithScope on the credentials if those credentials are ServiceAccountCredentials. Otherwise it would do nothing.
Similar to
useApplicationDefaultCredentials
, we should look into enabling Self Signed JWTs by default. Right now this is possible, but only by providing custom credentials, e.g:The reason that Self-Signed JWT is not default behavior for this library is simply because there are so many APIs (more than 300) that we cannot be confident they will all work as expected with JWTs.
We can at the very least add a feature for a flag or function that enables the SSJWTs, so that you don't need to manually create them as shown above. Something like this, for instance:
This would essentially just call
useJwtAccessWithScope
on the credentials if those credentials areServiceAccountCredentials
. Otherwise it would do nothing.See google-wallet/rest-samples#112 and googleapis/google-auth-library-php#557 for a full discussion and related feature request.
The text was updated successfully, but these errors were encountered: