{"id":13405236,"url":"https://github.com/googleapis/google-auth-library-php","last_synced_at":"2025-05-11T03:45:34.915Z","repository":{"id":21990946,"uuid":"25315941","full_name":"googleapis/google-auth-library-php","owner":"googleapis","description":"Google Auth Library for PHP","archived":false,"fork":false,"pushed_at":"2025-04-15T21:47:32.000Z","size":20383,"stargazers_count":1364,"open_issues_count":32,"forks_count":193,"subscribers_count":71,"default_branch":"main","last_synced_at":"2025-05-11T03:45:27.224Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://googleapis.github.io/google-auth-library-php/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/googleapis.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"COPYING","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2014-10-16T18:36:42.000Z","updated_at":"2025-05-06T07:15:10.000Z","dependencies_parsed_at":"2023-12-21T21:22:58.625Z","dependency_job_id":"1c898bd5-cd85-4d72-b041-c3303314bace","html_url":"https://github.com/googleapis/google-auth-library-php","commit_stats":{"total_commits":427,"total_committers":55,"mean_commits":7.763636363636364,"dds":0.5784543325526932,"last_synced_commit":"cfcb93162341ed5022fa976e621f0fa2b05ba6ad"},"previous_names":[],"tags_count":88,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleapis%2Fgoogle-auth-library-php","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleapis%2Fgoogle-auth-library-php/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleapis%2Fgoogle-auth-library-php/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleapis%2Fgoogle-auth-library-php/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/googleapis","download_url":"https://codeload.github.com/googleapis/google-auth-library-php/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253514555,"owners_count":21920334,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T19:01:57.728Z","updated_at":"2025-05-11T03:45:34.896Z","avatar_url":"https://github.com/googleapis.png","language":"PHP","funding_links":[],"categories":["PHP"],"sub_categories":[],"readme":"# Google Auth Library for PHP\n\n\u003ca href=\"https://cloud.google.com/php/docs/reference/auth/latest\"\u003eReference Docs\u003c/a\u003e\n\n## Description\n\nThis is Google's officially supported PHP client library for using OAuth 2.0\nauthorization and authentication with Google APIs.\n\n### Installing via Composer\n\nThe recommended way to install the google auth library is through\n[Composer](http://getcomposer.org).\n\n```bash\n# Install Composer\ncurl -sS https://getcomposer.org/installer | php\n```\n\nNext, run the Composer command to install the latest stable version:\n\n```bash\ncomposer.phar require google/auth\n```\n\n## Application Default Credentials\n\nThis library provides an implementation of\n[Application Default Credentials (ADC)][application default credentials] for PHP.\n\nApplication Default Credentials provides a simple way to get authorization\ncredentials for use in calling Google APIs, and is\nthe recommended approach to authorize calls to Cloud APIs.\n\n**Important**: If you accept a credential configuration (credential JSON/File/Stream) from an\nexternal source for authentication to Google Cloud Platform, you must validate it before providing\nit to any Google API or library. Providing an unvalidated credential configuration to Google APIs\ncan compromise the security of your systems and data. For more information, refer to\n[Validate credential configurations from external sources][externally-sourced-credentials].\n\n[externally-sourced-credentials]: https://cloud.google.com/docs/authentication/external/externally-sourced-credentials\n\n### Set up ADC\n\nTo use ADC, you must set it up by providing credentials.\nHow you set up ADC depends on the environment where your code is running,\nand whether you are running code in a test or production environment.\n\nFor more information, see [Set up Application Default Credentials][set-up-adc].\n\n### Enable the API you want to use\n\nBefore making your API call, you must be sure the API you're calling has been\nenabled. Go to **APIs \u0026 Auth** \u003e **APIs** in the\n[Google Developers Console][developer console] and enable the APIs you'd like to\ncall. For the example below, you must enable the `Drive API`.\n\n### Call the APIs\n\nAs long as you update the environment variable below to point to *your* JSON\ncredentials file, the following code should output a list of your Drive files.\n\n```php\nuse Google\\Auth\\ApplicationDefaultCredentials;\nuse GuzzleHttp\\Client;\nuse GuzzleHttp\\HandlerStack;\n\n// specify the path to your application credentials\nputenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/credentials.json');\n\n// define the scopes for your API call\n$scopes = ['https://www.googleapis.com/auth/drive.readonly'];\n\n// create middleware\n$middleware = ApplicationDefaultCredentials::getMiddleware($scopes);\n$stack = HandlerStack::create();\n$stack-\u003epush($middleware);\n\n// create the HTTP client\n$client = new Client([\n  'handler' =\u003e $stack,\n  'base_uri' =\u003e 'https://www.googleapis.com',\n  'auth' =\u003e 'google_auth'  // authorize all requests\n]);\n\n// make the request\n$response = $client-\u003eget('drive/v2/files');\n\n// show the result!\nprint_r((string) $response-\u003egetBody());\n```\n\n##### Guzzle 5 Compatibility\n\nIf you are using [Guzzle 5][Guzzle 5], replace the `create middleware` and\n`create the HTTP Client` steps with the following:\n\n```php\n// create the HTTP client\n$client = new Client([\n  'base_url' =\u003e 'https://www.googleapis.com',\n  'auth' =\u003e 'google_auth'  // authorize all requests\n]);\n\n// create subscriber\n$subscriber = ApplicationDefaultCredentials::getSubscriber($scopes);\n$client-\u003egetEmitter()-\u003eattach($subscriber);\n```\n\n#### Call using an ID Token\nIf your application is running behind Cloud Run, or using Cloud Identity-Aware\nProxy (IAP), you will need to fetch an ID token to access your application. For\nthis, use the static method `getIdTokenMiddleware` on\n`ApplicationDefaultCredentials`.\n\n```php\nuse Google\\Auth\\ApplicationDefaultCredentials;\nuse GuzzleHttp\\Client;\nuse GuzzleHttp\\HandlerStack;\n\n// specify the path to your application credentials\nputenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/credentials.json');\n\n// Provide the ID token audience. This can be a Client ID associated with an IAP application,\n// Or the URL associated with a CloudRun App\n//    $targetAudience = 'IAP_CLIENT_ID.apps.googleusercontent.com';\n//    $targetAudience = 'https://service-1234-uc.a.run.app';\n$targetAudience = 'YOUR_ID_TOKEN_AUDIENCE';\n\n// create middleware\n$middleware = ApplicationDefaultCredentials::getIdTokenMiddleware($targetAudience);\n$stack = HandlerStack::create();\n$stack-\u003epush($middleware);\n\n// create the HTTP client\n$client = new Client([\n  'handler' =\u003e $stack,\n  'auth' =\u003e 'google_auth',\n  // Cloud Run, IAP, or custom resource URL\n  'base_uri' =\u003e 'https://YOUR_PROTECTED_RESOURCE',\n]);\n\n// make the request\n$response = $client-\u003eget('/');\n\n// show the result!\nprint_r((string) $response-\u003egetBody());\n```\n\nFor invoking Cloud Run services, your service account will need the\n[`Cloud Run Invoker`](https://cloud.google.com/run/docs/authenticating/service-to-service)\nIAM permission.\n\nFor invoking Cloud Identity-Aware Proxy, you will need to pass the Client ID\nused when you set up your protected resource as the target audience. See how to\n[secure your IAP app with signed headers](https://cloud.google.com/iap/docs/signed-headers-howto).\n\n#### Call using a specific JSON key\nIf you want to use a specific JSON key instead of using `GOOGLE_APPLICATION_CREDENTIALS` environment variable, you can\n do this:\n\n```php\nuse Google\\Auth\\CredentialsLoader;\nuse Google\\Auth\\Middleware\\AuthTokenMiddleware;\nuse GuzzleHttp\\Client;\nuse GuzzleHttp\\HandlerStack;\n\n// Define the Google Application Credentials array\n$jsonKey = ['key' =\u003e 'value'];\n\n// define the scopes for your API call\n$scopes = ['https://www.googleapis.com/auth/drive.readonly'];\n\n// Load credentials\n$creds = CredentialsLoader::makeCredentials($scopes, $jsonKey);\n\n// optional caching\n// $creds = new FetchAuthTokenCache($creds, $cacheConfig, $cache);\n\n// create middleware\n$middleware = new AuthTokenMiddleware($creds);\n$stack = HandlerStack::create();\n$stack-\u003epush($middleware);\n\n// create the HTTP client\n$client = new Client([\n  'handler' =\u003e $stack,\n  'base_uri' =\u003e 'https://www.googleapis.com',\n  'auth' =\u003e 'google_auth'  // authorize all requests\n]);\n\n// make the request\n$response = $client-\u003eget('drive/v2/files');\n\n// show the result!\nprint_r((string) $response-\u003egetBody());\n\n```\n\n#### Call using Proxy-Authorization Header\nIf your application is behind a proxy such as [Google Cloud IAP][iap-proxy-header],\nand your application occupies the `Authorization` request header,\nyou can include the ID token in a `Proxy-Authorization: Bearer`\nheader instead. If a valid ID token is found in a `Proxy-Authorization` header,\nIAP authorizes the request with it. After authorizing the request, IAP passes\nthe Authorization header to your application without processing the content.\nFor this, use the static method `getProxyIdTokenMiddleware` on\n`ApplicationDefaultCredentials`.\n\n```php\nuse Google\\Auth\\ApplicationDefaultCredentials;\nuse GuzzleHttp\\Client;\nuse GuzzleHttp\\HandlerStack;\n\n// specify the path to your application credentials\nputenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/credentials.json');\n\n// Provide the ID token audience. This can be a Client ID associated with an IAP application\n//    $targetAudience = 'IAP_CLIENT_ID.apps.googleusercontent.com';\n$targetAudience = 'YOUR_ID_TOKEN_AUDIENCE';\n\n// create middleware\n$middleware = ApplicationDefaultCredentials::getProxyIdTokenMiddleware($targetAudience);\n$stack = HandlerStack::create();\n$stack-\u003epush($middleware);\n\n// create the HTTP client\n$client = new Client([\n  'handler' =\u003e $stack,\n  'auth' =\u003e ['username', 'pass'], // auth option handled by your application\n  'proxy_auth' =\u003e 'google_auth',\n]);\n\n// make the request\n$response = $client-\u003eget('/');\n\n// show the result!\nprint_r((string) $response-\u003egetBody());\n```\n\n[iap-proxy-header]: https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_proxy-authorization_header\n\n#### External credentials (Workload identity federation)\n\nUsing workload identity federation, your application can access Google Cloud resources from Amazon Web Services (AWS),\nMicrosoft Azure or any identity provider that supports OpenID Connect (OIDC).\n\nTraditionally, applications running outside Google Cloud have used service account keys to access Google Cloud\nresources. Using identity federation, you can allow your workload to impersonate a service account. This lets you access\nGoogle Cloud resources directly, eliminating the maintenance and security burden associated with service account keys.\n\nFollow the detailed instructions on how to\n[Configure Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-clouds).\n\n#### Verifying JWTs\n\nIf you are [using Google ID tokens to authenticate users][google-id-tokens], use\nthe `Google\\Auth\\AccessToken` class to verify the ID token:\n\n```php\nuse Google\\Auth\\AccessToken;\n\n$auth = new AccessToken();\n$auth-\u003everify($idToken);\n```\n\nIf your app is running behind [Google Identity-Aware Proxy][iap-id-tokens]\n(IAP), you can verify the ID token coming from the IAP server by pointing to the\nappropriate certificate URL for IAP. This is because IAP signs the ID\ntokens with a different key than the Google Identity service:\n\n```php\nuse Google\\Auth\\AccessToken;\n\n$auth = new AccessToken();\n$auth-\u003everify($idToken, [\n  'certsLocation' =\u003e AccessToken::IAP_CERT_URL\n]);\n```\n\n[google-id-tokens]: https://developers.google.com/identity/sign-in/web/backend-auth\n[iap-id-tokens]: https://cloud.google.com/iap/docs/signed-headers-howto\n\n## Caching\nCaching is enabled by passing a PSR-6 `CacheItemPoolInterface`\ninstance to the constructor when instantiating the credentials.\n\nWe offer some caching classes out of the box under the `Google\\Auth\\Cache` namespace.\n\n```php\nuse Google\\Auth\\ApplicationDefaultCredentials;\nuse Google\\Auth\\Cache\\MemoryCacheItemPool;\n\n// Cache Instance\n$memoryCache = new MemoryCacheItemPool;\n\n// Get the credentials\n// From here, the credentials will cache the access token\n$middleware = ApplicationDefaultCredentials::getCredentials($scope, cache: $memoryCache);\n```\n\n### FileSystemCacheItemPool Cache\nThe `FileSystemCacheItemPool` class is a `PSR-6` compliant cache that stores its\nserialized objects on disk, caching data between processes and making it possible\nto use data between different requests.\n\n```php\nuse Google\\Auth\\Cache\\FileSystemCacheItemPool;\nuse Google\\Auth\\ApplicationDefaultCredentials;\n\n// Create a Cache pool instance\n$cache = new FileSystemCacheItemPool(__DIR__ . '/cache');\n\n// Pass your Cache to the Auth Library\n$credentials = ApplicationDefaultCredentials::getCredentials($scope, cache: $cache);\n\n// This token will be cached and be able to be used for the next request\n$token = $credentials-\u003efetchAuthToken();\n```\n\n### Integrating with a third party cache\nYou can use a third party that follows the `PSR-6` interface of your choice.\n\n```php\n// run \"composer require symfony/cache\"\nuse Google\\Auth\\ApplicationDefaultCredentials;\nuse Symfony\\Component\\Cache\\Adapter\\FilesystemAdapter;\n\n// Create the cache instance\n$filesystemCache = new FilesystemAdapter();\n\n// Create Get the credentials\n$credentials = ApplicationDefaultCredentials::getCredentials($targetAudience, cache: $filesystemCache);\n```\n\n## License\n\nThis library is licensed under Apache 2.0. Full license text is\navailable in [COPYING][copying].\n\n## Contributing\n\nSee [CONTRIBUTING][contributing].\n\n## Support\n\nPlease\n[report bugs at the project on Github](https://github.com/google/google-auth-library-php/issues). Don't\nhesitate to\n[ask questions](http://stackoverflow.com/questions/tagged/google-auth-library-php)\nabout the client or APIs on [StackOverflow](http://stackoverflow.com).\n\n[google-apis-php-client]: https://github.com/google/google-api-php-client\n[application default credentials]: https://cloud.google.com/docs/authentication/application-default-credentials\n[contributing]: https://github.com/google/google-auth-library-php/tree/main/.github/CONTRIBUTING.md\n[copying]: https://github.com/google/google-auth-library-php/tree/main/COPYING\n[Guzzle]: https://github.com/guzzle/guzzle\n[Guzzle 5]: http://docs.guzzlephp.org/en/5.3\n[developer console]: https://console.developers.google.com\n[set-up-adc]: https://cloud.google.com/docs/authentication/provide-credentials-adc\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogleapis%2Fgoogle-auth-library-php","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogleapis%2Fgoogle-auth-library-php","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogleapis%2Fgoogle-auth-library-php/lists"}