Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
<?php
/*
 * Copyright 2014 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * WARNING - this class depends on the Google App Engine PHP library
 * which is 5.3 and above only, so if you include this in a PHP 5.2
 * setup or one without 5.3 things will blow up.
 */
use google\appengine\api\app_identity\AppIdentityService;

if (!class_exists('Google_Client')) {
  require_once dirname(__FILE__) . '/../autoload.php';
}

/**
 * Authentication via the Google App Engine App Identity service.
 */
> #[AllowDynamicProperties]
class Google_Auth_AppIdentity extends Google_Auth_Abstract { const CACHE_PREFIX = "Google_Auth_AppIdentity::"; private $client; private $token = false; private $tokenScopes = false; public function __construct(Google_Client $client, $config = null) { $this->client = $client; } /** * Retrieve an access token for the scopes supplied. */ public function authenticateForScope($scopes) { if ($this->token && $this->tokenScopes == $scopes) { return $this->token; } $cacheKey = self::CACHE_PREFIX; if (is_string($scopes)) { $cacheKey .= $scopes; } else if (is_array($scopes)) { $cacheKey .= implode(":", $scopes); } $this->token = $this->client->getCache()->get($cacheKey); if (!$this->token) { $this->retrieveToken($scopes, $cacheKey); } else if ($this->token['expiration_time'] < time()) { $this->client->getCache()->delete($cacheKey); $this->retrieveToken($scopes, $cacheKey); } $this->tokenScopes = $scopes; return $this->token; } /** * Retrieve a new access token and store it in cache * @param mixed $scopes * @param string $cacheKey */ private function retrieveToken($scopes, $cacheKey) { $this->token = AppIdentityService::getAccessToken($scopes); if ($this->token) { $this->client->getCache()->set( $cacheKey, $this->token ); } } /** * Perform an authenticated / signed apiHttpRequest. * This function takes the apiHttpRequest, calls apiAuth->sign on it * (which can modify the request in what ever way fits the auth mechanism) * and then calls apiCurlIO::makeRequest on the signed request * * @param Google_Http_Request $request * @return Google_Http_Request The resulting HTTP response including the * responseHttpCode, responseHeaders and responseBody. */ public function authenticatedRequest(Google_Http_Request $request) { $request = $this->sign($request); return $this->client->getIo()->makeRequest($request); } public function sign(Google_Http_Request $request) { if (!$this->token) { // No token, so nothing to do. return $request; } $this->client->getLogger()->debug('App Identity authentication'); // Add the OAuth2 header to the request $request->setRequestHeaders( array('Authorization' => 'Bearer ' . $this->token['access_token']) ); return $request; } }