Node.js Google Authentication Service Account Tokens
npm install gtoken
const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
keyFile: 'path/to/key.pem', // or path to .p12 key file
email: 'my_service_account_email@developer.gserviceaccount.com',
scope: ['https://scope1', 'https://scope2'] // or space-delimited string of scopes
});
gtoken.getToken(function(err, token) {
if (err) {
console.log(err);
return;
}
console.log(token);
});
You can also use the async/await style API:
const token = await gtoken.getToken()
console.log(token);
Or use promises:
gtoken.getToken()
.then(token => {
console.log(`Token: ${token}`)
})
.catch(e => console.error);
const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
keyFile: 'path/to/key.json',
scope: ['https://scope1', 'https://scope2'] // or space-delimited string of scopes
});
gtoken.getToken(function(err, token) {
if (err) {
console.log(err);
return;
}
console.log(token);
});
const key = '-----BEGIN RSA PRIVATE KEY-----\nXXXXXXXXXXX...';
const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
email: 'my_service_account_email@developer.gserviceaccount.com',
scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
key: key
});
Various options that can be set when creating initializing the
gtoken
object.
options.email or options.iss
: The service account email address.options.scope
: An array of scope strings or space-delimited string of scopes.options.sub
: The email address of the user requesting delegated access.options.keyFile
: The filename of.json
key,.pem
key or.p12
key.options.key
: The raw RSA private key value, in place of usingoptions.keyFile
.options.agent
: Ahttps.Agent
object, access through the proxy server.
Returns the cached token or requests a new one and returns it.
gtoken.getToken(function(err, token) {
console.log(err || token);
// gtoken.token value is also set
});
Various properties set on the gtoken object after call to
.getToken()
.
gtoken.token
: The access token.gtoken.expiresAt
: The expiry date as milliseconds since 1970/01/01gtoken.key
: The raw key value.gtoken.rawToken
: Most recent raw token data received from Google.
Returns true if the token has expired, or token does not exist.
gtoken.getToken(function(err, token) {
if(token) {
gtoken.hasExpired(); // false
}
});
Revoke the token if set.
gtoken.revokeToken(function(err) {
if (err) {
console.log(err);
return;
}
console.log('Token revoked!');
});
- Open the Google Developer Console.
- Open your project and under "APIs & auth", click Credentials.
- Generate a new
.p12
key and download it into your project.
You can just specify your .p12
file (with .p12
extension) as the keyFile
and it will automatically be converted to a .pem
on the fly, however this results in a slight performance hit. If you'd like to convert to a .pem
for use later, use OpenSSL if you have it installed.
$ openssl pkcs12 -in key.p12 -nodes -nocerts > key.pem
Don't forget, the passphrase when converting these files is the string 'notasecret'
New features:
- API now supports callback and promise based workflows
Breaking changes:
GoogleToken
is now a class type, and must be instantiated.GoogleToken.expires_at
renamed toGoogleToken.expiresAt
GoogleToken.raw_token
renamed toGoogleToken.rawToken
GoogleToken.token_expires
renamed toGoogleToken.tokenExpires