add token endpoint metric

googleapis · Nov 5, 2024 · 475bc74 · 475bc74
1 parent aefc2fe
commit 475bc74
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 3 deletions.
diff --git a/src/Credentials/ServiceAccountCredentials.php b/src/Credentials/ServiceAccountCredentials.php
@@ -236,7 +236,8 @@ public function fetchAuthToken(callable $httpHandler = null)
             $idToken = (new Iam($httpHandler, $this->getUniverseDomain()))->generateIdToken(
                 $this->auth->getIssuer(),
                 $this->auth->getAdditionalClaims()['target_audience'],
-                $jwt
+                $jwt,
+                $this->applyTokenEndpointMetrics([], 'it')
             );
             return ['id_token' => $idToken];
         }

diff --git a/src/Iam.php b/src/Iam.php
@@ -118,19 +118,21 @@ public function signBlob($email, $accessToken, $stringToSign, array $delegates =
      * @param string $clientEmail The service account email.
      * @param string $targetAudience The audience for the ID token.
      * @param string $bearerToken The token to authenticate the IAM request.
+     * @param array<string, string> $headers [optional] Additional headers to send with the request.
      *
      * @return string The signed string, base64-encoded.
      */
     public function generateIdToken(
         string $clientEmail,
         string $targetAudience,
-        string $bearerToken
+        string $bearerToken,
+        array $headers = []
     ): string {
         $name = sprintf(self::SERVICE_ACCOUNT_NAME, $clientEmail);
         $apiRoot = str_replace('UNIVERSE_DOMAIN', $this->universeDomain, self::IAM_API_ROOT_TEMPLATE);
         $uri = $apiRoot . '/' . sprintf(self::GENERATE_ID_TOKEN_PATH, $name);
 
-        $headers = ['Authorization' => 'Bearer ' . $bearerToken];
+        $headers['Authorization'] = 'Bearer ' . $bearerToken;
 
         $body = [
             'audience' => $targetAudience,

diff --git a/tests/Credentials/ServiceAccountCredentialsTest.php b/tests/Credentials/ServiceAccountCredentialsTest.php
@@ -330,6 +330,10 @@ public function testShouldUseIamWhenTargetAudienceAndUniverseDomainIsSet()
             $this->assertArrayHasKey('iss', $jwtParams);
             $this->assertEquals('[email protected]', $jwtParams['iss']);
 
+            // Verify header contains the auth headers
+            $parts = explode(' ', $request->getHeaderLine('x-goog-api-client'));
+            $this->assertContains('auth-request-type/it', $parts);
+
             // return expected IAM ID token response
             return new Psr7\Response(200, [], json_encode(['token' => 'idtoken12345']));
         };