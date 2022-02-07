Node.js Google Authentication Service Account Tokens

This is a low level utility library used to interact with Google Authentication services. In most cases, you probably want to use the google-auth-library instead.

Installation

npm install gtoken

Usage

Use with a .pem or .p12 key file:

const { GoogleToken } = require ( 'gtoken' ); const gtoken = new GoogleToken({ keyFile : 'path/to/key.pem' , email : 'my_service_account_email@developer.gserviceaccount.com' , scope : [ 'https://scope1' , 'https://scope2' ], eagerRefreshThresholdMillis : 5 * 60 * 1000 }); gtoken.getToken( ( err, tokens ) => { if (err) { console .log(err); return ; } console .log(tokens); });

You can also use the async/await style API:

const tokens = await gtoken.getToken() console .log(tokens);

Or use promises:

gtoken.getToken() .then( tokens => { console .log(tokens) }) .catch( console .error);

Use with a service account .json key file:

const { GoogleToken } = require ( 'gtoken' ); const gtoken = new GoogleToken({ keyFile : 'path/to/key.json' , scope : [ 'https://scope1' , 'https://scope2' ], eagerRefreshThresholdMillis : 5 * 60 * 1000 }); gtoken.getToken( ( err, tokens ) => { if (err) { console .log(err); return ; } console .log(tokens); });

Pass the private key as a string directly:

const key = '-----BEGIN RSA PRIVATE KEY-----

XXXXXXXXXXX...' ; const { GoogleToken } = require ( 'gtoken' ); const gtoken = new GoogleToken({ email : 'my_service_account_email@developer.gserviceaccount.com' , scope : [ 'https://scope1' , 'https://scope2' ], key : key, eagerRefreshThresholdMillis : 5 * 60 * 1000 });

Options

Various options that can be set when creating initializing the gtoken object.

options.email or options.iss : The service account email address.

: The service account email address. options.scope : An array of scope strings or space-delimited string of scopes.

: An array of scope strings or space-delimited string of scopes. options.sub : The email address of the user requesting delegated access.

: The email address of the user requesting delegated access. options.keyFile : The filename of .json key, .pem key or .p12 key.

: The filename of key, key or key. options.key : The raw RSA private key value, in place of using options.keyFile .

: The raw RSA private key value, in place of using . options.additionalClaims : Additional claims to include in the JWT when requesting a token.

: Additional claims to include in the JWT when requesting a token. options.eagerRefreshThresholdMillis : How long must a token be valid for in order to return it from the cache. Defaults to 0.

Returns the cached tokens or requests a new one and returns it.

gtoken.getToken( ( err, token ) => { console .log(err || token); });

Given a keyfile, returns the key and (if available) the client email.

const creds = await gtoken.getCredentials( 'path/to/key.json' );

Properties

Various properties set on the gtoken object after call to .getToken() .

gtoken.idToken : The OIDC token returned (if any).

: The OIDC token returned (if any). gtoken.accessToken : The access token.

: The access token. gtoken.expiresAt : The expiry date as milliseconds since 1970/01/01

: The expiry date as milliseconds since 1970/01/01 gtoken.key : The raw key value.

: The raw key value. gtoken.rawToken : Most recent raw token data received from Google.

Returns true if the token has expired, or token does not exist.

const tokens = await gtoken.getToken(); gtoken.hasExpired();

Revoke the token if set.

await gtoken.revokeToken(); console .log( 'Token revoked!' );

Downloading your private .p12 key from Google

Open the Google Developer Console. Open your project and under "APIs & auth", click Credentials. Generate a new .p12 key and download it into your project.

Converting your .p12 key to a .pem key

You can just specify your .p12 file (with .p12 extension) as the keyFile and it will automatically be converted to a .pem on the fly, however this results in a slight performance hit. If you'd like to convert to a .pem for use later, use OpenSSL if you have it installed.

$ openssl pkcs12 - in key.p12 -nodes -nocerts > key.pem

Don't forget, the passphrase when converting these files is the string 'notasecret'

License

MIT