187 lines
5.6 KiB
Markdown
187 lines
5.6 KiB
Markdown
<img src="https://avatars2.githubusercontent.com/u/2810941?v=3&s=96" alt="Google Cloud Platform logo" title="Google Cloud Platform" align="right" height="96" width="96"/>
|
|
|
|
# [node-gtoken](https://github.com/googleapis/node-gtoken)
|
|
|
|
[![npm version][npm-image]][npm-url]
|
|
[![Known Vulnerabilities][snyk-image]][snyk-url]
|
|
[![codecov][codecov-image]][codecov-url]
|
|
[![Code Style: Google][gts-image]][gts-url]
|
|
|
|
> Node.js Google Authentication Service Account Tokens
|
|
|
|
This is a low level utility library used to interact with Google Authentication services. **In most cases, you probably want to use the [google-auth-library](https://github.com/googleapis/google-auth-library-nodejs) instead.**
|
|
|
|
* [gtoken API Reference][client-docs]
|
|
* [github.com/googleapis/node-gtoken](https://github.com/googleapis/node-gtoken)
|
|
|
|
## Installation
|
|
|
|
``` sh
|
|
npm install gtoken
|
|
```
|
|
|
|
## Usage
|
|
|
|
### Use with a `.pem` or `.p12` key file:
|
|
|
|
``` js
|
|
const { GoogleToken } = require('gtoken');
|
|
const gtoken = new GoogleToken({
|
|
keyFile: 'path/to/key.pem', // or path to .p12 key file
|
|
email: 'my_service_account_email@developer.gserviceaccount.com',
|
|
scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
|
|
eagerRefreshThresholdMillis: 5 * 60 * 1000
|
|
});
|
|
|
|
gtoken.getToken((err, tokens) => {
|
|
if (err) {
|
|
console.log(err);
|
|
return;
|
|
}
|
|
console.log(tokens);
|
|
// {
|
|
// access_token: 'very-secret-token',
|
|
// expires_in: 3600,
|
|
// token_type: 'Bearer'
|
|
// }
|
|
});
|
|
```
|
|
|
|
You can also use the async/await style API:
|
|
|
|
``` js
|
|
const tokens = await gtoken.getToken()
|
|
console.log(tokens);
|
|
```
|
|
|
|
Or use promises:
|
|
|
|
```js
|
|
gtoken.getToken()
|
|
.then(tokens => {
|
|
console.log(tokens)
|
|
})
|
|
.catch(console.error);
|
|
```
|
|
|
|
### Use with a service account `.json` key file:
|
|
|
|
``` js
|
|
const { GoogleToken } = require('gtoken');
|
|
const gtoken = new GoogleToken({
|
|
keyFile: 'path/to/key.json',
|
|
scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
|
|
eagerRefreshThresholdMillis: 5 * 60 * 1000
|
|
});
|
|
|
|
gtoken.getToken((err, tokens) => {
|
|
if (err) {
|
|
console.log(err);
|
|
return;
|
|
}
|
|
console.log(tokens);
|
|
});
|
|
```
|
|
|
|
### Pass the private key as a string directly:
|
|
|
|
``` js
|
|
const key = '-----BEGIN RSA PRIVATE KEY-----\nXXXXXXXXXXX...';
|
|
const { GoogleToken } = require('gtoken');
|
|
const gtoken = new GoogleToken({
|
|
email: 'my_service_account_email@developer.gserviceaccount.com',
|
|
scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
|
|
key: key,
|
|
eagerRefreshThresholdMillis: 5 * 60 * 1000
|
|
});
|
|
```
|
|
|
|
## Options
|
|
|
|
> Various options that can be set when creating initializing the `gtoken` object.
|
|
|
|
- `options.email or options.iss`: The service account email address.
|
|
- `options.scope`: An array of scope strings or space-delimited string of scopes.
|
|
- `options.sub`: The email address of the user requesting delegated access.
|
|
- `options.keyFile`: The filename of `.json` key, `.pem` key or `.p12` key.
|
|
- `options.key`: The raw RSA private key value, in place of using `options.keyFile`.
|
|
- `options.additionalClaims`: Additional claims to include in the JWT when requesting a token.
|
|
- `options.eagerRefreshThresholdMillis`: How long must a token be valid for in order to return it from the cache. Defaults to 0.
|
|
|
|
### .getToken(callback)
|
|
|
|
> Returns the cached tokens or requests a new one and returns it.
|
|
|
|
``` js
|
|
gtoken.getToken((err, token) => {
|
|
console.log(err || token);
|
|
// gtoken.rawToken value is also set
|
|
});
|
|
```
|
|
|
|
### .getCredentials('path/to/key.json')
|
|
|
|
> Given a keyfile, returns the key and (if available) the client email.
|
|
|
|
```js
|
|
const creds = await gtoken.getCredentials('path/to/key.json');
|
|
```
|
|
|
|
### Properties
|
|
|
|
> Various properties set on the gtoken object after call to `.getToken()`.
|
|
|
|
- `gtoken.idToken`: The OIDC token returned (if any).
|
|
- `gtoken.accessToken`: The access token.
|
|
- `gtoken.expiresAt`: The expiry date as milliseconds since 1970/01/01
|
|
- `gtoken.key`: The raw key value.
|
|
- `gtoken.rawToken`: Most recent raw token data received from Google.
|
|
|
|
### .hasExpired()
|
|
|
|
> Returns true if the token has expired, or token does not exist.
|
|
|
|
``` js
|
|
const tokens = await gtoken.getToken();
|
|
gtoken.hasExpired(); // false
|
|
```
|
|
|
|
### .revokeToken()
|
|
|
|
> Revoke the token if set.
|
|
|
|
``` js
|
|
await gtoken.revokeToken();
|
|
console.log('Token revoked!');
|
|
```
|
|
|
|
## Downloading your private `.p12` key from Google
|
|
|
|
1. Open the [Google Developer Console][gdevconsole].
|
|
2. Open your project and under "APIs & auth", click Credentials.
|
|
3. Generate a new `.p12` key and download it into your project.
|
|
|
|
## Converting your `.p12` key to a `.pem` key
|
|
|
|
You can just specify your `.p12` file (with `.p12` extension) as the `keyFile` and it will automatically be converted to a `.pem` on the fly, however this results in a slight performance hit. If you'd like to convert to a `.pem` for use later, use OpenSSL if you have it installed.
|
|
|
|
``` sh
|
|
$ openssl pkcs12 -in key.p12 -nodes -nocerts > key.pem
|
|
```
|
|
|
|
Don't forget, the passphrase when converting these files is the string `'notasecret'`
|
|
|
|
## License
|
|
|
|
[MIT](https://github.com/googleapis/node-gtoken/blob/main/LICENSE)
|
|
|
|
[codecov-image]: https://codecov.io/gh/googleapis/node-gtoken/branch/main/graph/badge.svg
|
|
[codecov-url]: https://codecov.io/gh/googleapis/node-gtoken
|
|
[gdevconsole]: https://console.developers.google.com
|
|
[gts-image]: https://img.shields.io/badge/code%20style-google-blueviolet.svg
|
|
[gts-url]: https://www.npmjs.com/package/gts
|
|
[npm-image]: https://img.shields.io/npm/v/gtoken.svg
|
|
[npm-url]: https://npmjs.org/package/gtoken
|
|
[snyk-image]: https://snyk.io/test/github/googleapis/node-gtoken/badge.svg
|
|
[snyk-url]: https://snyk.io/test/github/googleapis/node-gtoken
|
|
[client-docs]: https://googleapis.dev/nodejs/gtoken/latest/
|