[英]How do I use OAuth2 to authenticate for Google Cloud API in PHP
I am trying to interact with Google Cloud APIs using the https://github.com/googleapis/google-cloud-php packages.我正在尝试使用https://github.com/googleapis/google-cloud-php包与 Google Cloud API 进行交互。
For instance, here I am issuing a request for Billing Accounts:例如,我在这里发出一个帐单帐户请求:
$client = new CloudBillingClient();
$accounts = $client->listBillingAccounts();
foreach ($accounts as $account) {
print('Billing account: ' . $account->getName() . PHP_EOL);
}
This obviously doesn't work as there are no credentials, and throws an error:这显然不起作用,因为没有凭据,并引发错误:
Google\ApiCore\ValidationException
Could not construct ApplicationDefaultCredentials
So how do I authenticate to get the Billing query to work?那么如何进行身份验证以使计费查询正常工作? To be clear, I can use another OAuth2 library to get an access_token, no problems.需要明确的是,我可以使用另一个 OAuth2 库来获取 access_token,没有问题。 For example in this Laravel controller:例如在这个 Laravel controller 中:
use League\OAuth2\Client\Provider\Google as GoogleProvider;
class GoogleAuthController extends Controller
{
public function index()
{
$provider = new GoogleProvider([
'clientId' => $clientId,
'clientSecret' => $clientSecret,
'redirectUri' => $redirectUri // will use this same url 'index'
]);
$authUrl = $provider->getAuthorizationUrl([
'scope' => [
'https://www.googleapis.com/auth/cloud-platform'
]
]);
// This is the first request for authorization
if (empty($_GET['code']))
{
session()->put('oauth2state', $provider->getState());
return redirect($authUrl);
}
// This is the returned request from Google
else
{
$token = $provider->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
// I HAVE A TOKEN NOW! I can do a request using Guzzle, like below, and it works fine.
// But surely Google's package should allow me to do this?!?!?
$response = Http::get('https://cloudresourcemanager.googleapis.com/v1/projects', [
'access_token' => $token
]);
return $response;
}
}
}
However, I would like to leverage the power of Google's already-built libraries.但是,我想利用 Google 已经构建的库的强大功能。
Looking through the Google Auth package for PHP ( https://github.com/googleapis/google-auth-library-php ) I see lots of mention of OAuth, and it seems possible to use credentials generated by that library with the Google Cloud packages ( https://github.com/googleapis/google-cloud-php ), like the BillingClient above. Looking through the Google Auth package for PHP ( https://github.com/googleapis/google-auth-library-php ) I see lots of mention of OAuth, and it seems possible to use credentials generated by that library with the Google Cloud包( https://github.com/googleapis/google-cloud-php ),如上面的 BillingClient。 But I am struggling with how .但我正在努力解决如何。
Edit编辑
Further to this: in jdp's answer below he uses the 'credentials' config key.除此之外:在下面的 jdp 回答中,他使用了“凭据”配置键。 Note this comment in the source of CloudBillingGapicClient: "In addition, this option can also accept a pre-constructed \Google\Auth\FetchAuthTokenInterface object or \Google\ApiCore\CredentialsWrapper} object".请注意 CloudBillingGapicClient 源中的此注释:“此外,此选项还可以接受预先构造的 \Google\Auth\FetchAuthTokenInterface object 或 \Google\ApiCore\CredentialsWrapper} 对象”。 When I look at the OAuth2 class in Google's Auth package I see that it implements FetchAuthTokenInterface.当我查看 Google 的 Auth package 中的 OAuth2 class 时,我看到它实现了 FetchAuthTokenInterface。 So it seems like it should be usable to pass OAuth credentials.所以似乎它应该可以用来传递 OAuth 凭据。 I am just lost as to how.我只是不知道怎么做。
You can create a service account and download the credentials file, then configure application default credentials .您可以创建服务帐户并下载凭据文件,然后配置应用程序默认凭据。 From there clients will be automatically authenticated.从那里客户端将自动进行身份验证。
You can also provide the credentials directly when creating a client:您还可以在创建客户端时直接提供凭据:
$client = new CloudBillingClient([
'credentials' => '/path/to/keyfile.json'
]);
$accounts = $client->listBillingAccounts();
foreach ($accounts as $account) {
print('Billing account: ' . $account->getName() . PHP_EOL);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.