haifa-reminder/node_modules/gtoken/README.md

187 lines
5.6 KiB
Markdown

<img src="https://avatars2.githubusercontent.com/u/2810941?v=3&s=96" alt="Google Cloud Platform logo" title="Google Cloud Platform" align="right" height="96" width="96"/>
# [node-gtoken](https://github.com/googleapis/node-gtoken)
[![npm version][npm-image]][npm-url]
[![Known Vulnerabilities][snyk-image]][snyk-url]
[![codecov][codecov-image]][codecov-url]
[![Code Style: Google][gts-image]][gts-url]
> Node.js Google Authentication Service Account Tokens
This is a low level utility library used to interact with Google Authentication services. **In most cases, you probably want to use the [google-auth-library](https://github.com/googleapis/google-auth-library-nodejs) instead.**
* [gtoken API Reference][client-docs]
* [github.com/googleapis/node-gtoken](https://github.com/googleapis/node-gtoken)
## Installation
``` sh
npm install gtoken
```
## Usage
### Use with a `.pem` or `.p12` key file:
``` js
const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
keyFile: 'path/to/key.pem', // or path to .p12 key file
email: 'my_service_account_email@developer.gserviceaccount.com',
scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
eagerRefreshThresholdMillis: 5 * 60 * 1000
});
gtoken.getToken((err, tokens) => {
if (err) {
console.log(err);
return;
}
console.log(tokens);
// {
// access_token: 'very-secret-token',
// expires_in: 3600,
// token_type: 'Bearer'
// }
});
```
You can also use the async/await style API:
``` js
const tokens = await gtoken.getToken()
console.log(tokens);
```
Or use promises:
```js
gtoken.getToken()
.then(tokens => {
console.log(tokens)
})
.catch(console.error);
```
### Use with a service account `.json` key file:
``` js
const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
keyFile: 'path/to/key.json',
scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
eagerRefreshThresholdMillis: 5 * 60 * 1000
});
gtoken.getToken((err, tokens) => {
if (err) {
console.log(err);
return;
}
console.log(tokens);
});
```
### Pass the private key as a string directly:
``` js
const key = '-----BEGIN RSA PRIVATE KEY-----\nXXXXXXXXXXX...';
const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
email: 'my_service_account_email@developer.gserviceaccount.com',
scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
key: key,
eagerRefreshThresholdMillis: 5 * 60 * 1000
});
```
## Options
> Various options that can be set when creating initializing the `gtoken` object.
- `options.email or options.iss`: The service account email address.
- `options.scope`: An array of scope strings or space-delimited string of scopes.
- `options.sub`: The email address of the user requesting delegated access.
- `options.keyFile`: The filename of `.json` key, `.pem` key or `.p12` key.
- `options.key`: The raw RSA private key value, in place of using `options.keyFile`.
- `options.additionalClaims`: Additional claims to include in the JWT when requesting a token.
- `options.eagerRefreshThresholdMillis`: How long must a token be valid for in order to return it from the cache. Defaults to 0.
### .getToken(callback)
> Returns the cached tokens or requests a new one and returns it.
``` js
gtoken.getToken((err, token) => {
console.log(err || token);
// gtoken.rawToken value is also set
});
```
### .getCredentials('path/to/key.json')
> Given a keyfile, returns the key and (if available) the client email.
```js
const creds = await gtoken.getCredentials('path/to/key.json');
```
### Properties
> Various properties set on the gtoken object after call to `.getToken()`.
- `gtoken.idToken`: The OIDC token returned (if any).
- `gtoken.accessToken`: The access token.
- `gtoken.expiresAt`: The expiry date as milliseconds since 1970/01/01
- `gtoken.key`: The raw key value.
- `gtoken.rawToken`: Most recent raw token data received from Google.
### .hasExpired()
> Returns true if the token has expired, or token does not exist.
``` js
const tokens = await gtoken.getToken();
gtoken.hasExpired(); // false
```
### .revokeToken()
> Revoke the token if set.
``` js
await gtoken.revokeToken();
console.log('Token revoked!');
```
## Downloading your private `.p12` key from Google
1. Open the [Google Developer Console][gdevconsole].
2. Open your project and under "APIs & auth", click Credentials.
3. Generate a new `.p12` key and download it into your project.
## Converting your `.p12` key to a `.pem` key
You can just specify your `.p12` file (with `.p12` extension) as the `keyFile` and it will automatically be converted to a `.pem` on the fly, however this results in a slight performance hit. If you'd like to convert to a `.pem` for use later, use OpenSSL if you have it installed.
``` sh
$ openssl pkcs12 -in key.p12 -nodes -nocerts > key.pem
```
Don't forget, the passphrase when converting these files is the string `'notasecret'`
## License
[MIT](https://github.com/googleapis/node-gtoken/blob/main/LICENSE)
[codecov-image]: https://codecov.io/gh/googleapis/node-gtoken/branch/main/graph/badge.svg
[codecov-url]: https://codecov.io/gh/googleapis/node-gtoken
[gdevconsole]: https://console.developers.google.com
[gts-image]: https://img.shields.io/badge/code%20style-google-blueviolet.svg
[gts-url]: https://www.npmjs.com/package/gts
[npm-image]: https://img.shields.io/npm/v/gtoken.svg
[npm-url]: https://npmjs.org/package/gtoken
[snyk-image]: https://snyk.io/test/github/googleapis/node-gtoken/badge.svg
[snyk-url]: https://snyk.io/test/github/googleapis/node-gtoken
[client-docs]: https://googleapis.dev/nodejs/gtoken/latest/