Skip to content

Latest commit

 

History

History
116 lines (73 loc) · 5.13 KB

AUTHENTICATION.md

File metadata and controls

116 lines (73 loc) · 5.13 KB

Authentication

In general, the Google Cloud PHP library uses Service Account credentials to connect to Google Cloud services. When running on Compute Engine the credentials will be discovered automatically. When running on other environments, the Service Account credentials can be specified by providing the path to the JSON keyfile for the account (or the JSON itself) in environment variables.

NOTE: It's important to note that this library uses getenv, so if your environemnt variables are set in PHP, they must use putenv,

putenv("GOOGLE_APPLICATION_CREDENTIALS=" . __DIR__ . '/your-service-account-credentials.json');

General instructions, environment variables, and configuration options are covered in the general Authentication guide for the google-cloud umbrella package. Specific instructions and environment variables for each individual service are linked from the README documents listed below for each service.

Creating a Service Account

Google Cloud requires a Project ID and Service Account Credentials to connect to the APIs. For detailed instructions on how to create a service account, see the Authentication guide.

You will use the Project ID and JSON key file to connect to most services with Google Cloud PHP.

Project and Credential Lookup

The Google Cloud PHP library aims to make authentication as simple as possible, and provides several mechanisms to configure your system without providing Project ID and Service Account Credentials directly in code.

Project ID is discovered in the following order:

  1. Specify project ID in code
  2. Discover project ID in environment variables
  3. Discover GCE project ID

Credentials are discovered in the following order:

  1. Specify credentials in code
  2. Discover credentials path in environment variables
  3. Discover credentials file in the Cloud SDK's path
  4. Discover GCE credentials

Google Cloud Platform environments

While running on Google Cloud Platform environments such as Google Compute Engine, Google App Engine and Google Kubernetes Engine, no extra work is needed. The Project ID and Credentials and are discovered automatically. Code should be written as if already authenticated.

Environment Variables

The Project ID and Credentials JSON can be placed in environment variables instead of declaring them directly in code.

Here are the environment variables that Google Cloud PHP checks for project ID:

  1. GOOGLE_CLOUD_PROJECT
  2. GCLOUD_PROJECT (deprecated)

Here are the environment variables that Google Cloud PHP checks for credentials:

  1. GOOGLE_APPLICATION_CREDENTIALS - Path to JSON file

Client Authentication

Each Google Cloud PHP client may be authenticated in code when creating a client library instance.

Most clients use the credentials option for providing credentials as a constructor option:

require 'vendor/autoload.php';

use Google\Cloud\VideoIntelligence\V1\VideoIntelligenceServiceClient;

// Authenticating with keyfile data.
$video = new VideoIntelligenceServiceClient([
    'credentials' => json_decode(file_get_contents('/path/to/keyfile.json'), true)
]);

// Authenticating with a keyfile path.
$video = new VideoIntelligenceServiceClient([
    'credentials' => '/path/to/keyfile.json'
]);

However, some clients use the keyFile or keyFilePath option:

require 'vendor/autoload.php';

use Google\Cloud\Storage\StorageClient;

// Authenticating with keyfile data.
$storage = new StorageClient([
    'keyFile' => json_decode(file_get_contents('/path/to/keyfile.json'), true)
]);

// Authenticating with a keyfile path.
$storage = new StorageClient([
    'keyFilePath' => '/path/to/keyfile.json'
]);

// Providing the Google Cloud project ID.
$storage = new StorageClient([
    'projectId' => 'myProject'
]);

Check the client documentation for the client library you're using.

Cloud SDK

This option allows for an easy way to authenticate during development. If credentials are not provided in code or in environment variables, then Cloud SDK credentials are discovered.

To configure your system for this, simply:

  1. Download and install the Cloud SDK
  2. Authenticate using OAuth 2.0 $ gcloud auth login
  3. Write code as if already authenticated.

NOTE: This is not recommended for running in production. The Cloud SDK should only be used during development.

Troubleshooting

If you're having trouble authenticating open a Github Issue to get help. Also consider searching or asking questions on StackOverflow.