Diff: STRATO-apps/wordpress_03/app/wp-content/plugins/tutor-pro/vendor/google/auth/README.md

Keine Baseline-Datei – Diff nur gegen leer.
Baseline Vorherige Version
Zur Liste
1 -
1 + # Google Auth Library for PHP
2 +
3 + <dl>
4 + <dt>Homepage</dt><dd><a href="http://www.github.com/google/google-auth-library-php">http://www.github.com/google/google-auth-library-php</a></dd>
5 + <dt>Reference Docs</dt><dd><a href="https://googleapis.github.io/google-auth-library-php/main/">https://googleapis.github.io/google-auth-library-php/main/</a></dd>
6 + <dt>Authors</dt>
7 + <dd><a href="mailto:temiola@google.com">Tim Emiola</a></dd>
8 + <dd><a href="mailto:stanleycheung@google.com">Stanley Cheung</a></dd>
9 + <dd><a href="mailto:betterbrent@google.com">Brent Shaffer</a></dd>
10 + <dt>Copyright</dt><dd>Copyright © 2015 Google, Inc.</dd>
11 + <dt>License</dt><dd>Apache 2.0</dd>
12 + </dl>
13 +
14 + ## Description
15 +
16 + This is Google's officially supported PHP client library for using OAuth 2.0
17 + authorization and authentication with Google APIs.
18 +
19 + ### Installing via Composer
20 +
21 + The recommended way to install the google auth library is through
22 + [Composer](http://getcomposer.org).
23 +
24 + ```bash
25 + # Install Composer
26 + curl -sS https://getcomposer.org/installer | php
27 + ```
28 +
29 + Next, run the Composer command to install the latest stable version:
30 +
31 + ```bash
32 + composer.phar require google/auth
33 + ```
34 +
35 + ## Application Default Credentials
36 +
37 + This library provides an implementation of
38 + [Application Default Credentials (ADC)][application default credentials] for PHP.
39 +
40 + Application Default Credentials provides a simple way to get authorization
41 + credentials for use in calling Google APIs, and is
42 + the recommended approach to authorize calls to Cloud APIs.
43 +
44 + ### Set up ADC
45 +
46 + To use ADC, you must set it up by providing credentials.
47 + How you set up ADC depends on the environment where your code is running,
48 + and whether you are running code in a test or production environment.
49 +
50 + For more information, see [Set up Application Default Credentials][set-up-adc].
51 +
52 + ### Enable the API you want to use
53 +
54 + Before making your API call, you must be sure the API you're calling has been
55 + enabled. Go to **APIs & Auth** > **APIs** in the
56 + [Google Developers Console][developer console] and enable the APIs you'd like to
57 + call. For the example below, you must enable the `Drive API`.
58 +
59 + ### Call the APIs
60 +
61 + As long as you update the environment variable below to point to *your* JSON
62 + credentials file, the following code should output a list of your Drive files.
63 +
64 + ```php
65 + use Google\Auth\ApplicationDefaultCredentials;
66 + use GuzzleHttp\Client;
67 + use GuzzleHttp\HandlerStack;
68 +
69 + // specify the path to your application credentials
70 + putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/credentials.json');
71 +
72 + // define the scopes for your API call
73 + $scopes = ['https://www.googleapis.com/auth/drive.readonly'];
74 +
75 + // create middleware
76 + $middleware = ApplicationDefaultCredentials::getMiddleware($scopes);
77 + $stack = HandlerStack::create();
78 + $stack->push($middleware);
79 +
80 + // create the HTTP client
81 + $client = new Client([
82 + 'handler' => $stack,
83 + 'base_uri' => 'https://www.googleapis.com',
84 + 'auth' => 'google_auth' // authorize all requests
85 + ]);
86 +
87 + // make the request
88 + $response = $client->get('drive/v2/files');
89 +
90 + // show the result!
91 + print_r((string) $response->getBody());
92 + ```
93 +
94 + ##### Guzzle 5 Compatibility
95 +
96 + If you are using [Guzzle 5][Guzzle 5], replace the `create middleware` and
97 + `create the HTTP Client` steps with the following:
98 +
99 + ```php
100 + // create the HTTP client
101 + $client = new Client([
102 + 'base_url' => 'https://www.googleapis.com',
103 + 'auth' => 'google_auth' // authorize all requests
104 + ]);
105 +
106 + // create subscriber
107 + $subscriber = ApplicationDefaultCredentials::getSubscriber($scopes);
108 + $client->getEmitter()->attach($subscriber);
109 + ```
110 +
111 + #### Call using an ID Token
112 + If your application is running behind Cloud Run, or using Cloud Identity-Aware
113 + Proxy (IAP), you will need to fetch an ID token to access your application. For
114 + this, use the static method `getIdTokenMiddleware` on
115 + `ApplicationDefaultCredentials`.
116 +
117 + ```php
118 + use Google\Auth\ApplicationDefaultCredentials;
119 + use GuzzleHttp\Client;
120 + use GuzzleHttp\HandlerStack;
121 +
122 + // specify the path to your application credentials
123 + putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/credentials.json');
124 +
125 + // Provide the ID token audience. This can be a Client ID associated with an IAP application,
126 + // Or the URL associated with a CloudRun App
127 + // $targetAudience = 'IAP_CLIENT_ID.apps.googleusercontent.com';
128 + // $targetAudience = 'https://service-1234-uc.a.run.app';
129 + $targetAudience = 'YOUR_ID_TOKEN_AUDIENCE';
130 +
131 + // create middleware
132 + $middleware = ApplicationDefaultCredentials::getIdTokenMiddleware($targetAudience);
133 + $stack = HandlerStack::create();
134 + $stack->push($middleware);
135 +
136 + // create the HTTP client
137 + $client = new Client([
138 + 'handler' => $stack,
139 + 'auth' => 'google_auth',
140 + // Cloud Run, IAP, or custom resource URL
141 + 'base_uri' => 'https://YOUR_PROTECTED_RESOURCE',
142 + ]);
143 +
144 + // make the request
145 + $response = $client->get('/');
146 +
147 + // show the result!
148 + print_r((string) $response->getBody());
149 + ```
150 +
151 + For invoking Cloud Run services, your service account will need the
152 + [`Cloud Run Invoker`](https://cloud.google.com/run/docs/authenticating/service-to-service)
153 + IAM permission.
154 +
155 + For invoking Cloud Identity-Aware Proxy, you will need to pass the Client ID
156 + used when you set up your protected resource as the target audience. See how to
157 + [secure your IAP app with signed headers](https://cloud.google.com/iap/docs/signed-headers-howto).
158 +
159 + #### Call using a specific JSON key
160 + If you want to use a specific JSON key instead of using `GOOGLE_APPLICATION_CREDENTIALS` environment variable, you can
161 + do this:
162 +
163 + ```php
164 + use Google\Auth\CredentialsLoader;
165 + use Google\Auth\Middleware\AuthTokenMiddleware;
166 + use GuzzleHttp\Client;
167 + use GuzzleHttp\HandlerStack;
168 +
169 + // Define the Google Application Credentials array
170 + $jsonKey = ['key' => 'value'];
171 +
172 + // define the scopes for your API call
173 + $scopes = ['https://www.googleapis.com/auth/drive.readonly'];
174 +
175 + // Load credentials
176 + $creds = CredentialsLoader::makeCredentials($scopes, $jsonKey);
177 +
178 + // optional caching
179 + // $creds = new FetchAuthTokenCache($creds, $cacheConfig, $cache);
180 +
181 + // create middleware
182 + $middleware = new AuthTokenMiddleware($creds);
183 + $stack = HandlerStack::create();
184 + $stack->push($middleware);
185 +
186 + // create the HTTP client
187 + $client = new Client([
188 + 'handler' => $stack,
189 + 'base_uri' => 'https://www.googleapis.com',
190 + 'auth' => 'google_auth' // authorize all requests
191 + ]);
192 +
193 + // make the request
194 + $response = $client->get('drive/v2/files');
195 +
196 + // show the result!
197 + print_r((string) $response->getBody());
198 +
199 + ```
200 +
201 + #### Call using Proxy-Authorization Header
202 + If your application is behind a proxy such as [Google Cloud IAP][iap-proxy-header],
203 + and your application occupies the `Authorization` request header,
204 + you can include the ID token in a `Proxy-Authorization: Bearer`
205 + header instead. If a valid ID token is found in a `Proxy-Authorization` header,
206 + IAP authorizes the request with it. After authorizing the request, IAP passes
207 + the Authorization header to your application without processing the content.
208 + For this, use the static method `getProxyIdTokenMiddleware` on
209 + `ApplicationDefaultCredentials`.
210 +
211 + ```php
212 + use Google\Auth\ApplicationDefaultCredentials;
213 + use GuzzleHttp\Client;
214 + use GuzzleHttp\HandlerStack;
215 +
216 + // specify the path to your application credentials
217 + putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/credentials.json');
218 +
219 + // Provide the ID token audience. This can be a Client ID associated with an IAP application
220 + // $targetAudience = 'IAP_CLIENT_ID.apps.googleusercontent.com';
221 + $targetAudience = 'YOUR_ID_TOKEN_AUDIENCE';
222 +
223 + // create middleware
224 + $middleware = ApplicationDefaultCredentials::getProxyIdTokenMiddleware($targetAudience);
225 + $stack = HandlerStack::create();
226 + $stack->push($middleware);
227 +
228 + // create the HTTP client
229 + $client = new Client([
230 + 'handler' => $stack,
231 + 'auth' => ['username', 'pass'], // auth option handled by your application
232 + 'proxy_auth' => 'google_auth',
233 + ]);
234 +
235 + // make the request
236 + $response = $client->get('/');
237 +
238 + // show the result!
239 + print_r((string) $response->getBody());
240 + ```
241 +
242 + [iap-proxy-header]: https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_proxy-authorization_header
243 +
244 + #### External credentials (Workload identity federation)
245 +
246 + Using workload identity federation, your application can access Google Cloud resources from Amazon Web Services (AWS),
247 + Microsoft Azure or any identity provider that supports OpenID Connect (OIDC).
248 +
249 + Traditionally, applications running outside Google Cloud have used service account keys to access Google Cloud
250 + resources. Using identity federation, you can allow your workload to impersonate a service account. This lets you access
251 + Google Cloud resources directly, eliminating the maintenance and security burden associated with service account keys.
252 +
253 + Follow the detailed instructions on how to
254 + [Configure Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-clouds).
255 +
256 + #### Verifying JWTs
257 +
258 + If you are [using Google ID tokens to authenticate users][google-id-tokens], use
259 + the `Google\Auth\AccessToken` class to verify the ID token:
260 +
261 + ```php
262 + use Google\Auth\AccessToken;
263 +
264 + $auth = new AccessToken();
265 + $auth->verify($idToken);
266 + ```
267 +
268 + If your app is running behind [Google Identity-Aware Proxy][iap-id-tokens]
269 + (IAP), you can verify the ID token coming from the IAP server by pointing to the
270 + appropriate certificate URL for IAP. This is because IAP signs the ID
271 + tokens with a different key than the Google Identity service:
272 +
273 + ```php
274 + use Google\Auth\AccessToken;
275 +
276 + $auth = new AccessToken();
277 + $auth->verify($idToken, [
278 + 'certsLocation' => AccessToken::IAP_CERT_URL
279 + ]);
280 + ```
281 +
282 + [google-id-tokens]: https://developers.google.com/identity/sign-in/web/backend-auth
283 + [iap-id-tokens]: https://cloud.google.com/iap/docs/signed-headers-howto
284 +
285 + ## License
286 +
287 + This library is licensed under Apache 2.0. Full license text is
288 + available in [COPYING][copying].
289 +
290 + ## Contributing
291 +
292 + See [CONTRIBUTING][contributing].
293 +
294 + ## Support
295 +
296 + Please
297 + [report bugs at the project on Github](https://github.com/google/google-auth-library-php/issues). Don't
298 + hesitate to
299 + [ask questions](http://stackoverflow.com/questions/tagged/google-auth-library-php)
300 + about the client or APIs on [StackOverflow](http://stackoverflow.com).
301 +
302 + [google-apis-php-client]: https://github.com/google/google-api-php-client
303 + [application default credentials]: https://cloud.google.com/docs/authentication/application-default-credentials
304 + [contributing]: https://github.com/google/google-auth-library-php/tree/main/.github/CONTRIBUTING.md
305 + [copying]: https://github.com/google/google-auth-library-php/tree/main/COPYING
306 + [Guzzle]: https://github.com/guzzle/guzzle
307 + [Guzzle 5]: http://docs.guzzlephp.org/en/5.3
308 + [developer console]: https://console.developers.google.com
309 + [set-up-adc]: https://cloud.google.com/docs/authentication/provide-credentials-adc
310 +