clientEmail = $clientEmail; $this->privateKey = $privateKey; $this->signer = new Sha256(); $this->clock = $clock; } public function handle(CreateCustomToken $action): Token { $now = $this->clock->now(); $builder = (new Builder()) ->setIssuedAt($now->getTimestamp()) ->setIssuer($this->clientEmail) ->setExpiration($now->add($action->timeToLive()->value())->getTimestamp()) ->setSubject($this->clientEmail) ->setAudience('https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit') ->set('uid', $action->uid()) ; if (!empty($customClaims = $action->customClaims())) { $builder = $builder->set('claims', $customClaims); } try { $token = $builder->getToken($this->signer, new Signer\Key($this->privateKey)); } catch (Throwable $e) { throw CustomTokenCreationFailed::because($e->getMessage(), $e->getCode(), $e); } /** @var Claim[] $claims */ $claims = $token->getClaims(); $payload = []; foreach ($claims as $claim) { $payload[$claim->getName()] = $claim->getValue(); } return TokenInstance::withValues((string) $token, $token->getHeaders(), $payload); } }