Adding an experimental AppIdentity auth impl

Included an example file. It's a tricky one to unit test as
there's not a lot to it, and it only works on GAE!

Author: Ian Barber

examples/appengineauth.php

@@ -0,0 +1,49 @@
+<?php
+/*
+ * Copyright 2013 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+session_start();
+include_once "templates/base.php";
+
+/************************************************
+  Make an API request authenticated via the 
+  AppIdentity service on AppEngine.
+ ************************************************/
+set_include_path("../src/" . PATH_SEPARATOR . get_include_path());
+require_once 'Google/Client.php';
+require_once 'Google/Auth/AppIdentity.php';
+require_once 'Google/Service/Storage.php';
+
+echo pageHeader("AppIdentity Account Access");
+
+$client = new Google_Client();
+$client->setApplicationName("Client_Library_Examples");
+
+$auth = new Google_Auth_AppIdentity($client);
+$token = $auth->authenticateForScope(Google_Service_Storage::DEVSTORAGE_READ_ONLY);
+if (!$token) {
+  die("Could not authenticate to AppIdentity service");
+}
+$client->setAuth($auth);
+
+$service = new Google_Service_Storage($client);
+$results = $service->buckets->listBuckets(str_replace("s~", "", $_SERVER['APPLICATION_ID']));
+
+echo "<h3>Results Of Call:</h3>";
+echo "<pre>";
+var_dump($results);
+echo "</pre>";
+
+echo pageFooter(__FILE__);

src/Google/Auth/Abstract.php

@@ -31,11 +31,5 @@ abstract class Google_Auth_Abstract
    * @return Google_Http_Request $request
    */
   abstract public function authenticatedRequest(Google_Http_Request $request);
-
-  abstract public function authenticate($code);
   abstract public function sign(Google_Http_Request $request);
-  abstract public function createAuthUrl($scope);
-
-  abstract public function refreshToken($refreshToken);
-  abstract public function revokeToken();
 }

src/Google/Auth/AppIdentity.php

@@ -0,0 +1,93 @@
+<?php
+/*
+ * Copyright 2014 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * WARNING - this class depends on the Google App Engine PHP library
+ * which is 5.3 and above only, so if you include this in a PHP 5.2
+ * setup or one without 5.3 things will blow up.
+ */
+use google\appengine\api\app_identity\AppIdentityService;
+
+require_once "Google/Auth/Abstract.php";
+require_once "Google/Http/Request.php";
+
+/**
+ * Authentication via the Google App Engine App Identity service.
+ */
+class Google_Auth_AppIdentity extends Google_Auth_Abstract
+{
+  const CACHE_PREFIX = "Google_Auth_AppIdentity::";
+  const CACHE_LIFETIME = 1500;
+  private $key = null;
+  private $client;
+  private $token = false;
+  private $tokenScopes = false;
+
+  public function __construct(Google_Client $client, $config = null)
+  {
+    $this->client = $client;
+  }
+
+  /**
+   * Retrieve an access token for the scopes supplied.
+   */
+  public function authenticateForScope($scopes) {
+    if ($this->token && $this->tokenScopes == $scopes) {
+      return $this->token;
+    }
+    $memcache = new Memcached();
+    $this->token = $memcache->get(self::CACHE_PREFIX . $scopes);
+    if (!$this->token) {
+      $this->token = AppIdentityService::getAccessToken($scopes);
+      if ($this->token) {
+        $memcache->set(self::CACHE_PREFIX . $scopes, $this->token, self::CACHE_LIFETIME);
+      }
+    }
+    $this->tokenScopes = $scopes;
+    return $this->token;
+  }
+
+  /**
+   * Perform an authenticated / signed apiHttpRequest.
+   * This function takes the apiHttpRequest, calls apiAuth->sign on it
+   * (which can modify the request in what ever way fits the auth mechanism)
+   * and then calls apiCurlIO::makeRequest on the signed request
+   *
+   * @param Google_Http_Request $request
+   * @return Google_Http_Request The resulting HTTP response including the
+   * responseHttpCode, responseHeaders and responseBody.
+   */
+  public function authenticatedRequest(Google_Http_Request $request)
+  {
+    $request = $this->sign($request);
+    return $this->io->makeRequest($request);
+  }
+
+  public function sign(Google_Http_Request $request)
+  {
+    if (!$this->token) {
+      // No token, so nothing to do.
+      return $request;
+    }
+    // Add the OAuth2 header to the request
+    $request->setRequestHeaders(
+        array('Authorization' => 'Bearer ' . $this->token['access_token'])
+    );
+
+    return $request;
+  }
+}

src/Google/Auth/Simple.php

@@ -51,36 +51,6 @@ public function authenticatedRequest(Google_Http_Request $request)
     return $this->io->makeRequest($request);
   }
 
-  public function authenticate($code)
-  {
-    throw new Google_Auth_Exception("Simple auth does not exchange tokens.");
-  }
-
-  public function setAccessToken($accessToken)
-  {
-    /* noop*/
-  }
-
-  public function getAccessToken()
-  {
-    return null;
-  }
-
-  public function createAuthUrl($scope)
-  {
-    return null;
-  }
-
-  public function refreshToken($refreshToken)
-  {
-    /* noop*/
-  }
-
-  public function revokeToken()
-  {
-    /* noop*/
-  }
-
   public function sign(Google_Http_Request $request)
   {
     $key = $this->client->getClassConfig($this, 'developer_key');

tests/general/AuthTest.php

@@ -234,17 +234,6 @@ public function testNoAuth() {
     $req = new Google_Http_Request("http://example.com");
 
     $resp = $noAuth->sign($req);
-    try {
-      $noAuth->authenticate(null);
-      $this->assertTrue(false, "Exception expected");
-    } catch (Google_Auth_Exception $e) {
-
-    }
-    $noAuth->createAuthUrl(null);
-    $noAuth->setAccessToken(null);
-    $noAuth->getAccessToken();
-    $noAuth->refreshToken(null);
-    $noAuth->revokeToken();
     $this->assertEquals("http://example.com", $resp->getUrl());
     $this->getClient()->setAuth($oldAuth);
   }