/node-gtoken-china

由于**国内不能直接访问googleapis服务,所以修改了原来的node-gtoken这个包,使之能够通过https.Agent代理访问googleapis服务。

Primary LanguageTypeScriptMIT LicenseMIT

node-gtoken

NPM Version CircleCI Dependency Status devDependency Status Known Vulnerabilities codecov Greenkeeper badge style badge

Node.js Google Authentication Service Account Tokens

**版说明

由于**国内不能直接访问googleapis服务,所以修改了原来的node-gtoken这个包,使之能够通过https.Agent代理访问googleapis服务。具体变化如下:

  • 删除了axios。虽然axios官方文档上声称支持使用axios.defaults[...]来设置全局属性,但实际使用失败,axios本身bug也很多。
  • 添加 node-fetch@types/node-fetch
  • GoogleToken添加agent参数

示例:

const HttpsProxyAgent = require('https-proxy-agent')
const { GoogleToken } = require('gtoken-china')
const agent = new HttpsProxyAgent(process.env.HTTP_PROXY)
const gtoken = new GoogleToken({
  agent,
  iss: ISS, // 需要定义
  scope: [
    'https://www.googleapis.com/auth/firebase.messaging'
  ],
  key: KEY // 需要定义
})

Installation

npm install gtoken

Usage

Use with a .pem or .p12 key file:

const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
  keyFile: 'path/to/key.pem', // or path to .p12 key file
  email: 'my_service_account_email@developer.gserviceaccount.com',
  scope: ['https://scope1', 'https://scope2'] // or space-delimited string of scopes
});

gtoken.getToken(function(err, token) {
  if (err) {
    console.log(err);
    return;
  }
  console.log(token);
});

You can also use the async/await style API:

const token = await gtoken.getToken()
console.log(token);

Or use promises:

gtoken.getToken()
  .then(token => {
    console.log(`Token: ${token}`)
  })
  .catch(e => console.error);

Use with a service account .json key file:

const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
  keyFile: 'path/to/key.json',
  scope: ['https://scope1', 'https://scope2'] // or space-delimited string of scopes
});

gtoken.getToken(function(err, token) {
  if (err) {
    console.log(err);
    return;
  }
  console.log(token);
});

Pass the private key as a string directly:

const key = '-----BEGIN RSA PRIVATE KEY-----\nXXXXXXXXXXX...';
const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
  email: 'my_service_account_email@developer.gserviceaccount.com',
  scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
  key: key
});

Options

Various options that can be set when creating initializing the gtoken object.

  • options.email or options.iss: The service account email address.
  • options.scope: An array of scope strings or space-delimited string of scopes.
  • options.sub: The email address of the user requesting delegated access.
  • options.keyFile: The filename of .json key, .pem key or .p12 key.
  • options.key: The raw RSA private key value, in place of using options.keyFile.

.getToken(callback)

Returns the cached token or requests a new one and returns it.

gtoken.getToken(function(err, token) {
  console.log(err || token);
  // gtoken.token value is also set
});

Properties

Various properties set on the gtoken object after call to .getToken().

  • gtoken.token: The access token.
  • gtoken.expiresAt: The expiry date as milliseconds since 1970/01/01
  • gtoken.key: The raw key value.
  • gtoken.rawToken: Most recent raw token data received from Google.

.hasExpired()

Returns true if the token has expired, or token does not exist.

gtoken.getToken(function(err, token) {
  if(token) {
    gtoken.hasExpired(); // false
  }
});

.revokeToken()

Revoke the token if set.

gtoken.revokeToken(function(err) {
  if (err) {
    console.log(err);
    return;
  }
  console.log('Token revoked!');
});

Downloading your private .p12 key from Google

  1. Open the Google Developer Console.
  2. Open your project and under "APIs & auth", click Credentials.
  3. Generate a new .p12 key and download it into your project.

Converting your .p12 key to a .pem key

You can just specify your .p12 file (with .p12 extension) as the keyFile and it will automatically be converted to a .pem on the fly, however this results in a slight performance hit. If you'd like to convert to a .pem for use later, use OpenSSL if you have it installed.

$ openssl pkcs12 -in key.p12 -nodes -nocerts > key.pem

Don't forget, the passphrase when converting these files is the string 'notasecret'

Changelog

1.2.2 -> 2.0.0

New features:

  • API now supports callback and promise based workflows

Breaking changes:

  • GoogleToken is now a class type, and must be instantiated.
  • GoogleToken.expires_at renamed to GoogleToken.expiresAt
  • GoogleToken.raw_token renamed to GoogleToken.rawToken
  • GoogleToken.token_expires renamed to GoogleToken.tokenExpires

License

MIT