
Authenticates requests using AWS credentials.

Cloneable Instantiable
Methods
public __construct(string $audience, string $regionalCredVerificationUrl, ?string $regionUrl = NULL, ?string $securityCredentialsUrl = NULL, ?string $imdsv2SessionTokenUrl = NULL)
 
  • param string $audience The audience for the credential.
  • param string $regionalCredVerificationUrl The regional AWS GetCallerIdentity action URL used to determine the AWS account ID and its roles. This is not called by this library, but is sent in the subject token to be called by the STS token server.
  • param string|null $regionUrl This URL should be used to determine the current AWS region needed for the signed request construction.
  • param string|null $securityCredentialsUrl The AWS metadata server URL used to retrieve the access key, secret key and security token needed to sign the GetCallerIdentity request.
  • param string|null $imdsv2SessionTokenUrl When this URL is present, the auth libraries are forced to fetch a Session Token from AWS. This field is required for EC2 instances using IMDSv2.
public fetchSubjectToken(?callable $httpHandler = NULL) : string
public getCacheKey() : string
 

Gets the unique key for caching. For AwsNativeSource the values are: Imdsv2SessionTokenUrl.SecurityCredentialsUrl.RegionUrl.RegionalCredVerificationUrl

  • return string
public static getImdsV2SessionToken(string $imdsV2Url, callable $httpHandler) : string
 
  • internal
public static getRegionFromEnv() : ?string
 
  • internal
public static getRegionFromUrl(callable $httpHandler, string $regionUrl, array $headers) : string
 
  • internal
  • param callable $httpHandler
  • param string $regionUrl
  • param array<string,string|string[]> $headers Request headers to send in with the request.
public static getRoleName(callable $httpHandler, string $securityCredentialsUrl, array $headers) : string
 
  • internal
  • param callable $httpHandler
  • param string $securityCredentialsUrl
  • param array<string,string|string[]> $headers Request headers to send in with the request.
public static getSignedRequestHeaders(string $region, string $host, string $accessKeyId, string $secretAccessKey, ?string $securityToken) : array
 
  • see http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
  • internal
  • return array<string,string>
public static getSigningVarsFromEnv() : ?array
 
  • internal
  • return array{: string, : string, : ?string}
public static getSigningVarsFromUrl(callable $httpHandler, string $securityCredentialsUrl, string $roleName, array $headers) : array
 
  • internal
  • param callable $httpHandler
  • param string $securityCredentialsUrl
  • param array<string,string|string[]> $headers Request headers to send in with the request.
  • return array{: string, : string, : ?string}
Constants
private Google\Auth\CredentialSource\AwsNativeSource::CRED_VERIFICATION_QUERY = 'Action=GetCallerIdentity&Version=2011-06-15'
Properties
private string $audience
private ?string $imdsv2SessionTokenUrl
private string $regionalCredVerificationUrl
private ?string $regionUrl
private ?string $securityCredentialsUrl
Methods
private static getSignatureKey(string $key, string $dateStamp, string $regionName, string $serviceName) : string
private static hmacSign(string $key, string $msg) : string
 

Returns the HMAC hash as a binary string.

private static utf8Encode(string $string) : string
 
  • TODO add a fallback when mbstring is not available
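
The signatures of `getSignatureKey`, `hmacSign` and `getSignedRequestHeaders` match the steps of AWS Signature Version 4 referenced in the `see` link above. The following is an added example, not the library's own code: the function names `hmacBinary`, `signingKey` and `signGetCallerIdentity` are hypothetical, the credentials are constructed placeholders, and it assumes the `CRED_VERIFICATION_QUERY` string is sent as the query of a POST with an empty body.

```php
<?php
// Added example: SigV4 signing of an STS GetCallerIdentity request.
// Hypothetical helper names; all credential values are constructed placeholders.
function hmacBinary(string $key, string $msg): string
{
    return hash_hmac('sha256', $msg, $key, true); // raw bytes, not hex
}

function signingKey(string $secret, string $dateStamp, string $region, string $service): string
{
    // Each HMAC output keys the next, scoping the key to one day, region and service.
    $kDate    = hmacBinary('AWS4' . $secret, $dateStamp);
    $kRegion  = hmacBinary($kDate, $region);
    $kService = hmacBinary($kRegion, $service);
    return hmacBinary($kService, 'aws4_request');
}

function signGetCallerIdentity(
    string $region, string $host, string $accessKeyId,
    string $secret, ?string $token, string $amzDate
): array {
    $dateStamp = substr($amzDate, 0, 8);
    $query = 'Action=GetCallerIdentity&Version=2011-06-15';
    $headers = ['host' => $host, 'x-amz-date' => $amzDate];
    if ($token !== null) {
        $headers['x-amz-security-token'] = $token; // temporary credentials only
    }
    ksort($headers);
    $canonicalHeaders = '';
    foreach ($headers as $name => $value) {
        $canonicalHeaders .= $name . ':' . trim($value) . "\n";
    }
    $signedHeaders = implode(';', array_keys($headers));
    // Method, path, query, headers, signed header list, SHA-256 of the empty body.
    $canonicalRequest = implode("\n", ['POST', '/', $query, $canonicalHeaders, $signedHeaders, hash('sha256', '')]);
    $scope = "$dateStamp/$region/sts/aws4_request";
    $stringToSign = implode("\n", ['AWS4-HMAC-SHA256', $amzDate, $scope, hash('sha256', $canonicalRequest)]);
    $signature = hash_hmac('sha256', $stringToSign, signingKey($secret, $dateStamp, $region, 'sts'));
    $headers['Authorization'] = "AWS4-HMAC-SHA256 Credential=$accessKeyId/$scope, SignedHeaders=$signedHeaders, Signature=$signature";
    return $headers;
}

// Constructed inputs: the key id and secret below are placeholders, not real credentials.
$h = signGetCallerIdentity('us-east-2', 'sts.us-east-2.amazonaws.com', 'AKIAEXAMPLEKEYID', 'constructed-secret', null, gmdate('Ymd\THis\Z'));
echo $h['Authorization'], "\n";
```

The secret access key never appears in the returned headers; only the access key ID, the scope and the signature do, so the party that replays the signed request against `$regionalCredVerificationUrl` can prove the caller's AWS identity without learning the key.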