google/appengine/api/app_identity/AppIdentityService.php
Classes
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
\google\appengine\api\app_identity\AppIdentityService
You can also retrieve a list of public certificates which can be used to verify the signature.
App Engine is responsible for maintaining per-application private key. App Engine will keep rotating private keys periodically. App Engine never releases these private keys externally.
Since private keys are rotated periodically, getPublicCertificates() could return a list of public certificates. It's the caller's responsibility to try these certificates one by one when doing signature verification.
Constants
PACKAGE_NAME
= 'app_identity_service'
PARTITION_SEPARATOR
= "~"
DOMAIN_SEPARATOR
= ":"
MEMCACHE_KEY_PREFIX
= '_ah_app_identity_'
Methods
getAccessToken
(array $scopes)
: array
Gets an OAuth2 access token for the application's service account from memcache or generates and caches one by calling getAccessTokenUncached($scopes)
Each application has an associated Google account. This function returns OAuth2 access token corresponding to the running app. Access tokens are safe to cache and reuse until they expire.
| Name | Type | Description |
|---|---|---|
| $scopes | array |
The scopes to acquire the access token for. Can be either a single string or an array of strings. |
| Type | Description |
|---|---|
| array | An array with the following key/value pairs. 'access_token' - The access token for the application. 'expiration_time' - The expiration time for the access token. |
| Exception | Description |
|---|---|
| \InvalidArgumentException | If $scopes is not a string or an array of strings. |
| \google\appengine\api\app_identity\AppIdentityException | If there is an error using the AppIdentity service. |
getApplicationId
()
: string
Get the application id of an app.
| Type | Description |
|---|---|
| string | The application id of the app. |
getDefaultVersionHostname
()
: string
Get the standard hostname of the default version of the app.
| Type | Description |
|---|---|
| string | The standard hostname of the default version of the application, or FALSE if the call failed. |
getPublicCertificates
()
:
\google\appengine\api\app_identity\PublicCertificate[]
Get the list of public certifates for the application.
| Type | Description |
|---|---|
| \google\appengine\api\app_identity\PublicCertificate[] | An array of the applications public certificates. |
| Exception | Description |
|---|---|
| \google\appengine\api\app_identity\AppIdentityException | If there is an error using the AppIdentity service. |
getServiceAccountName
()
: string
Get the service account name for the application.
| Type | Description |
|---|---|
| string | The service account name. |
| Exception | Description |
|---|---|
| \google\appengine\api\app_identity\AppIdentityException | If there is an error using the AppIdentity service. |
signForApp
(string $bytes_to_sign)
: array
Signs arbitrary byte array using per app private key.
| Name | Type | Description |
|---|---|---|
| $bytes_to_sign | string |
The bytes to generate the signature for. |
| Type | Description |
|---|---|
| array | An array containing the elements 'key_name' - the name of the key used to sign the bytes 'signature' - the signature of the bytes. |
| Exception | Description |
|---|---|
| \InvalidArgumentException | If $bytes_to_sign is not a string. |
| \google\appengine\api\app_identity\AppIdentityException | If there is an error using the AppIdentity service. |