node-gtoken

Node.js Google Authentication Service Account Tokens

This is a low level utility library used to interact with Google Authentication services. In most cases, you probably want to use the google-auth-library instead.

Installation

 npm install gtoken

Usage

Use with a `.pem` or `.json` key file:

 const { GoogleToken } = require(' gtoken 
');
const gtoken = new GoogleToken 
({
  keyFile: 'path/to/key.pem', // or path to .json key file
  email: 'my_service_account_email@developer.gserviceaccount.com',
  scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
  eagerRefreshThresholdMillis: 5 * 60 * 1000
}); gtoken 
. getToken 
((err, tokens) => {
  if (err) {
    console.log(err);
    return;
  }
  console.log(tokens);
  // {
  //   access_token: 'very-secret-token',
  //   expires_in: 3600,
  //   token_type: 'Bearer'
  // }
});

You can also use the async/await style API:

 const tokens = await gtoken.getToken()
console.log(tokens);

Or use promises:

 gtoken.getToken()
  .then(tokens => {
    console.log(tokens)
  })
  .catch(console.error);

Use with a service account `.json` key file:

 const { GoogleToken } = require(' gtoken 
');
const gtoken = new GoogleToken 
({
  keyFile: 'path/to/key.json',
  scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
  eagerRefreshThresholdMillis: 5 * 60 * 1000
}); gtoken 
. getToken 
((err, tokens) => {
  if (err) {
    console.log(err);
    return;
  }
  console.log(tokens);
});

Pass the private key as a string directly:

 const key = '-----BEGIN RSA PRIVATE KEY-----\nXXXXXXXXXXX...';
const { GoogleToken } = require(' gtoken 
');
const gtoken = new GoogleToken 
({
  email: 'my_service_account_email@developer.gserviceaccount.com',
  scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
  key: key,
  eagerRefreshThresholdMillis: 5 * 60 * 1000
});

Options

Various options that can be set when creating initializing the gtoken object.

options.email or options.iss : The service account email address.
options.scope : An array of scope strings or space-delimited string of scopes.
options.sub : The email address of the user requesting delegated access.
options.keyFile : The filename of .json key or .pem key.
options.key : The raw RSA private key value, in place of using options.keyFile .
options.additionalClaims : Additional claims to include in the JWT when requesting a token.
options.eagerRefreshThresholdMillis : How long must a token be valid for in order to return it from the cache. Defaults to 0.

.getToken(callback)

Returns the cached tokens or requests a new one and returns it.

 gtoken.getToken((err, token) => {
  console.log(err || token);
  // gtoken.rawToken value is also set
});

.getCredentials('path/to/key.json')

Given a keyfile, returns the key and (if available) the client email.

 const creds = await gtoken.getCredentials('path/to/key.json');

Properties

Various properties set on the gtoken object after call to .getToken() .

gtoken.idToken : The OIDC token returned (if any).
gtoken.accessToken : The access token.
gtoken.expiresAt : The expiry date as milliseconds since 1970/01/01
gtoken.key : The raw key value.
gtoken.rawToken : Most recent raw token data received from Google.

.hasExpired()

Returns true if the token has expired, or token does not exist.

 const tokens = await gtoken.getToken();
gtoken.hasExpired(); // false

.revokeToken()

Revoke the token if set.

 await gtoken.revokeToken();
console.log('Token revoked!');

Downloading your private `.json` key from Google

Open the Google Developer Console .
Open your project and under "APIs & auth", click Credentials.
Generate a new .json key and download it into your project.

Converting your `.p12` key to a `.pem` key

If you'd like to convert to a .pem for use later, use OpenSSL if you have it installed.

 $ openssl pkcs12 -in key.p12 -nodes -nocerts > key.pem

Don't forget, the passphrase when converting these files is the string 'notasecret'

License

MIT