feature request: enable self signed JWTs in Google\Client #2601

@bshaffer

Similar to useApplicationDefaultCredentials, we should look into enabling Self Signed JWTs by default. Right now this is possible, but only by providing custom credentials, e.g.:

use Google\Auth\ApplicationDefaultCredentials;
use Google\Auth\Credentials\ServiceAccountCredentials;
use Google\Client;

// use Application Default Credentials (e.g. the GOOGLE_APPLICATION_CREDENTIALS environment variable)
$credentials = ApplicationDefaultCredentials::makeCredentials();
if ($credentials instanceof ServiceAccountCredentials) {
    // ensure that Service Account Credentials use Self-Signed JWT instead 
    // of making an HTTP request to the OAuth2 server
    $credentials->useJwtAccessWithScope();
}
$client = new Client(['credentials' => $credentials]);

The reason that Self-Signed JWT is not default behavior for this library is simply because there are so many APIs (more than 300) that we cannot be confident they will all work as expected with JWTs.

We can at the very least add a feature for a flag or function that enables the SSJWTs, so that you don't need to manually create them as shown above. Something like this, for instance:

// in the constructor
$client = new Google\Client(['use_self_signed_jwt' => true]);
// in a method
$client->useSelfSignedJwt(true);

This would essentially just call useJwtAccessWithScope on the credentials if those credentials are ServiceAccountCredentials. Otherwise it would do nothing.

See google-wallet/rest-samples#112 and googleapis/google-auth-library-php#557 for a full discussion and related feature request.
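
What "Self-Signed JWT instead of making an HTTP request to the OAuth2 server" amounts to, as an added example that is not part of the original issue or of the library's code: the bearer token is built and signed locally with the service account's private key, and the receiver checks it against the public key. The account email, key id, throwaway key pair and the claim layout (iss/sub, scope, one-hour lifetime) are assumptions made for this demo.

```php
<?php
// Added example, not library code. Key pair and account identity are constructed.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64urlDecode(string $txt): string
{
    return base64_decode(strtr($txt, '-_', '+/'));
}

// Assumed claim layout for a scoped self-signed JWT: iss == sub == service
// account email, a "scope" claim, and a lifetime of at most one hour.
function selfSignedJwt(string $email, string $keyId, $privateKey, string $scope, int $now): string
{
    $header = ['alg' => 'RS256', 'typ' => 'JWT', 'kid' => $keyId];
    $claims = ['iss' => $email, 'sub' => $email, 'scope' => $scope,
               'iat' => $now, 'exp' => $now + 3600];
    $input = b64url(json_encode($header)) . '.' . b64url(json_encode($claims));
    if (!openssl_sign($input, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return $input . '.' . b64url($signature);
}

// What the receiving side does: check the RS256 signature, then the expiry.
function verifyJwt(string $jwt, string $publicKeyPem, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a compact JWS');
    }
    [$h, $c, $s] = $parts;
    if (openssl_verify("$h.$c", b64urlDecode($s), $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    $claims = json_decode(b64urlDecode($c), true);
    if ($claims['exp'] <= $now) {
        throw new RuntimeException('token expired');
    }
    return $claims;
}

$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$pem = openssl_pkey_get_details($key)['key'];
$jwt = selfSignedJwt('demo-sa@example-project.iam.gserviceaccount.com', 'constructed-key-id',
                     $key, 'https://www.googleapis.com/auth/cloud-platform', time());
print_r(verifyJwt($jwt, $pem, time()));
```

Because no token endpoint takes part in issuing the token, the service account private key is the only secret behind it, and a leaked token stays usable until its `exp` passes.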
