
Tools for using the IAM API.

  • see https://cloud.google.com/iam/docs IAM Documentation
Cloneable, Instantiable
Constants
public Google\Auth\Iam::IAM_API_ROOT = 'https://iamcredentials.googleapis.com/v1'
 
  • deprecated
public Google\Auth\Iam::SERVICE_ACCOUNT_NAME = 'projects/-/serviceAccounts/%s'
public Google\Auth\Iam::SIGN_BLOB_PATH = '%s:signBlob?alt=json'
Methods
public __construct(?callable $httpHandler = NULL, string $universeDomain = 'googleapis.com' (Google\Auth\GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN))
 
  • param callable|null $httpHandler [optional] The HTTP Handler to send requests.
public generateIdToken(string $clientEmail, string $targetAudience, string $bearerToken, array $headers = []) : string
 

Generate an ID token for a service account using the IAM generateIdToken API.

Note that signing using IAM requires your service account to have the iam.serviceAccounts.signBlob permission, part of the "Service Account Token Creator" IAM role.

  • param string $clientEmail The service account email.
  • param string $targetAudience The audience for the ID token.
  • param string $bearerToken The token to authenticate the IAM request.
  • param array<string, string> $headers [optional] Additional headers to send with the request.
  • return string The ID token.
public signBlob($email, $accessToken, $stringToSign, array $delegates = [])
 

Sign a string using the IAM signBlob API.

Note that signing using IAM requires your service account to have the iam.serviceAccounts.signBlob permission, part of the "Service Account Token Creator" IAM role.

  • param string $email The service account email.
  • param string $accessToken An access token from the service account.
  • param string $stringToSign The string to be signed.
  • param string[] $delegates [optional] A list of service account emails to add to the delegate chain. If omitted, the value of $email will be used.
  • return string The signed string, base64-encoded.
Constants
private Google\Auth\Iam::GENERATE_ID_TOKEN_PATH = '%s:generateIdToken'
private Google\Auth\Iam::IAM_API_ROOT_TEMPLATE = 'https://iamcredentials.UNIVERSE_DOMAIN/v1'
Properties
private $httpHandler = NULL
 
  • var callable
private string $universeDomain
© 2026 Bruce Wells