node-gtoken

Node.js Google Authentication Service Account Tokens

This is a low level utility library used to interact with Google Authentication services. In most cases, you probably want to use the google-auth-library instead.

• gtoken API Reference
• github.com/googleapis/node-gtoken

Installation

npm install gtoken

Usage

Use with a .pem or .json key file:

const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
  keyFile: 'path/to/key.pem', // or path to .json key file
  email: 'my_service_account_email@developer.gserviceaccount.com',
  scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
  eagerRefreshThresholdMillis: 5 * 60 * 1000
});

gtoken.getToken((err, tokens) => {
  if (err) {
    console.log(err);
    return;
  }
  console.log(tokens);
  // {
  //   access_token: 'very-secret-token',
  //   expires_in: 3600,
  //   token_type: 'Bearer'
  // }
});

You can also use the async/await style API:

const tokens = await gtoken.getToken()
console.log(tokens);

Or use promises:

gtoken.getToken()
  .then(tokens => {
    console.log(tokens)
  })
  .catch(console.error);

Use with a service account .json key file:

const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
  keyFile: 'path/to/key.json',
  scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
  eagerRefreshThresholdMillis: 5 * 60 * 1000
});

gtoken.getToken((err, tokens) => {
  if (err) {
    console.log(err);
    return;
  }
  console.log(tokens);
});

Pass the private key as a string directly:

const key = '-----BEGIN RSA PRIVATE KEY-----\nXXXXXXXXXXX...';
const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
  email: 'my_service_account_email@developer.gserviceaccount.com',
  scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
  key: key,
  eagerRefreshThresholdMillis: 5 * 60 * 1000
});

Options

Various options that can be set when creating initializing the gtoken object.

• options.email or options.iss: The service account email address.
• options.scope: An array of scope strings or space-delimited string of scopes.
• options.sub: The email address of the user requesting delegated access.
• options.keyFile: The filename of .json key or .pem key.
• options.key: The raw RSA private key value, in place of using options.keyFile.
• options.additionalClaims: Additional claims to include in the JWT when requesting a token.
• options.eagerRefreshThresholdMillis: How long must a token be valid for in order to return it from the cache. Defaults to 0.

.getToken(callback)

Returns the cached tokens or requests a new one and returns it.

gtoken.getToken((err, token) => {
  console.log(err || token);
  // gtoken.rawToken value is also set
});

.getCredentials('path/to/key.json')

Given a keyfile, returns the key and (if available) the client email.

const creds = await gtoken.getCredentials('path/to/key.json');

Properties

Various properties set on the gtoken object after call to .getToken().

• gtoken.idToken: The OIDC token returned (if any).
• gtoken.accessToken: The access token.
• gtoken.expiresAt: The expiry date as milliseconds since 1970/01/01
• gtoken.key: The raw key value.
• gtoken.rawToken: Most recent raw token data received from Google.

.hasExpired()

Returns true if the token has expired, or token does not exist.

const tokens = await gtoken.getToken();
gtoken.hasExpired(); // false

.revokeToken()

Revoke the token if set.

await gtoken.revokeToken();
console.log('Token revoked!');

Downloading your private .json key from Google

1. Open the Google Developer Console.
2. Open your project and under "APIs & auth", click Credentials.
3. Generate a new .json key and download it into your project.

Converting your .p12 key to a .pem key

If you'd like to convert to a .pem for use later, use OpenSSL if you have it installed.

$ openssl pkcs12 -in key.p12 -nodes -nocerts > key.pem

Don't forget, the passphrase when converting these files is the string 'notasecret'

License

MIT

Changelog

npm history

7.1.0 (2024-02-01)

Features

• Enable Token Retries (#481) (ed9f91e)

7.0.1 (2023-07-12)

Bug Fixes

• deps: Update gaxios to 6.0.0 (#462) (c05a2b3)

7.0.0 (2023-07-11)

⚠ BREAKING CHANGES

• move to node 14 as minimum version (#457)
• remove support for conversion of *.p12 to *.pem (#452)

Features

• Remove support for conversion of *.p12 to *.pem (#452) (522a96d)

Miscellaneous Chores

• Move to node 14 as minimum version (#457) (429df81)

6.1.2 (2022-08-23)

Bug Fixes

• remove pip install statements (#1546) (#440) (6fb8562)

6.1.1 (2022-08-04)

Bug Fixes

• deps: update gaxios to 5.0.1 (#436) (0d5d0e9)

6.1.0 (2022-06-28)

Features

• allow customizing the http client (#426) (408ad04)

6.0.1 (2022-06-07)

Bug Fixes

• deps: update dependency google-p12-pem to v4 (#430) (bd0848b)

6.0.0 (2022-05-10)

⚠ BREAKING CHANGES

• update library to use Node 12 (#428)

Build System

• update library to use Node 12 (#428) (288b662)

5.3.2 (2022-01-28)

Bug Fixes

• upgrade google-p12-pem to 3.1.3 (#413) (c3cebaf)

5.3.1 (2021-08-11)

Bug Fixes

• build: migrate to using main branch (#392) (992e3c5)

5.3.0 (2021-06-10)

Features

• add gcf-owl-bot[bot] to ignoreAuthors (#369) (3142215)

5.2.1 (2021-01-26)

Bug Fixes

• deps: remove dependency on mime (#357) (0a1e6b3)

5.2.0 (2021-01-14)

Features

• request new tokens before they expire (#349) (e84d9a3)

5.1.0 (2020-11-14)

Features

• dedupe concurrent requests (#351) (9001f1d)

5.0.5 (2020-10-22)

Bug Fixes

• deps: update dependency gaxios to v4 (#342) (7954a19)

5.0.4 (2020-10-06)

Bug Fixes

• deps: upgrade google-p12-pem (#337) (77a749d)

5.0.3 (2020-07-27)

Bug Fixes

• move gitattributes files to node templates (#322) (1d1786b)

5.0.2 (2020-07-09)

Bug Fixes

• typeo in nodejs .gitattribute (#311) (8e17b4c)

5.0.1 (2020-04-13)

Bug Fixes

• deps: update dependency gaxios to v3 (#287) (033731e)
• deps: update dependency google-p12-pem to v3 (#280) (25121b0)
• apache license URL (#468) (#293) (14a5bcd)

5.0.0 (2020-03-24)

⚠ BREAKING CHANGES

• drop Node 8 from engines (#284)
• typescript@3.7.x introduced breaking changes to compiled code

Features

• drop Node 8 from engines (#284) (209e007)

Build System

• update gts and typescript (#283) (ff076dc)

4.1.4 (2020-01-06)

Bug Fixes

• deps: pin TypeScript below 3.7.0 (f1ae7b6)
• deps: update dependency jws to v4 (#251) (e13542f)

4.1.3 (2019-11-15)

Bug Fixes

• deps: use typescript ~3.6.0 (#246) (5f725b7)

4.1.2 (2019-11-13)

Bug Fixes

• docs: add jsdoc-region-tag plugin (#242) (994c5cc)

4.1.1 (2019-10-31)

Bug Fixes

• deps: update gaxios to 2.1.0 (#238) (bb12064)

4.1.0 (2019-09-24)

Features

• allow upstream libraries to force token refresh (#229) (1fd4dd1)

4.0.0 (2019-07-09)

⚠ BREAKING CHANGES

• This commit creates multiple breaking changes. The getToken() method previously returned Promise<string>, where the string was the access_token returned from the response. However, the oauth2 endpoint could return a variety of other fields, such as an id_token in special cases.

const token = await getToken();
// old response: 'some.access.token'
// new response: { access_token: 'some.access.token'}

To further support this change, the GoogleToken class no longer exposes a token variable. It now exposes rawToken, accessToken, and idToken fields which can be used to access the relevant values returned in the response.

Bug Fixes

• expose all fields from response (#218) (d463370)

3.0.2 (2019-06-26)

Bug Fixes

• docs: make anchors work in jsdoc (#215) (c5f6c89)

3.0.1 (2019-06-13)

Bug Fixes

• docs: move to new client docs URL (#212) (b7a8c75)

3.0.0 (2019-05-07)

Bug Fixes

• deps: update dependency gaxios to v2 (#191) (da65ea7)
• deps: update dependency google-p12-pem to v2 (#196) (b510f06)
• fs.readFile does not exist in browser (#186) (a16d8e7)

Build System

• upgrade engines field to >=8.10.0 (#194) (ee4d6c8)

BREAKING CHANGES

• upgrade engines field to >=8.10.0 (#194)

v2.3.3

03-13-2019 14:54 PDT

Bug Fixes

• fix: propagate error message (#173)

Documentation

• docs: update links in contrib guide (#171)
• docs: move CONTRIBUTING.md to root (#166)
• docs: add lint/fix example to contributing guide (#164)

Internal / Testing Changes

• build: Add docuploader credentials to node publish jobs (#176)
• build: use node10 to run samples-test, system-test etc (#175)
• build: update release configuration
• chore(deps): update dependency mocha to v6
• build: use linkinator for docs test (#170)
• build: create docs test npm scripts (#169)
• build: test using @grpc/grpc-js in CI (#168)
• build: ignore googleapis.com in doc link check (#162)
• build: check for 404s on all docs

v2.3.2

01-09-2019 13:40 PST

Documentation

• docs: generate docs with compodoc (#154)
• docs: fix up the readme (#153)

Internal / Testing Changes

• build: Re-generated to pick up changes in the API or client library generator. (#158)
• build: check broken links in generated docs (#152)
• fix: add a system test and get it passing (#150)
• chore(build): inject yoshi automation key (#149)

v2.3.1

12-10-2018 15:28 PST

Dependencies

• fix(deps): update dependency pify to v4 (#87)
• fix(deps): use gaxios for http requests (#125)

Internal / Testing Changes

• build: add Kokoro configs for autorelease (#143)
• chore: always nyc report before calling codecov (#141)
• chore: nyc ignore build/test by default (#140)
• chore: update synth metadata and templates (#138)
• fix(build): fix system key decryption (#133)
• chore(deps): update dependency typescript to ~3.2.0 (#132)
• chore: add a synth.metadata
• chore(deps): update dependency gts to ^0.9.0 (#127)
• chore: update eslintignore config (#126)
• chore: use latest npm on Windows (#124)
• chore: update CircleCI config (#123)
• chore: include build in eslintignore (#120)
• chore: update issue templates (#116)
• chore: remove old issue template (#114)
• build: run tests on node11 (#113)
• chore(deps): update dependency nock to v10 (#111)
• chores(build): do not collect sponge.xml from windows builds (#112)
• chore(deps): update dependency typescript to ~3.1.0 (#110)
• chores(build): run codecov on continuous builds (#109)
• chore: update new issue template (#108)
• chore: update CI config (#105)
• Update kokoro config (#103)
• Update CI config (#101)
• Don't publish sourcemaps (#99)
• Update kokoro config (#97)
• test: remove appveyor config (#96)
• Update CI config (#95)
• Enable prefer-const in the eslint config (#94)
• Enable no-var in eslint (#93)
• Update CI config (#92)
• Add synth and update CI config (#91)
• Retry npm install in CI (#90)
• chore(deps): update dependency nyc to v13 (#88)
• chore: ignore package-log.json (#86)
• chore: update renovate config (#83)
• chore(deps): lock file maintenance (#85)
• chore: remove greenkeeper badge (#82)
• test: throw on deprecation (#81)
• chore(deps): update dependency typescript to v3 (#80)
• chore: move mocha options to mocha.opts (#78)
• chore(deps): lock file maintenance (#79)
• test: use strictEqual in tests (#76)
• chore(deps): lock file maintenance (#77)
• chore(deps): update dependency typescript to ~2.9.0 (#75)
• chore: Configure Renovate (#74)
• Update gts to the latest version 🚀 (#73)
• Add Code of Conduct
• build: start testing against Node 10 (#69)
• chore(package): update nyc to version 12.0.2 (#67)
• chore(package): update @types/node to version 10.0.3 (#65)

2.0.0

New features:

• API now supports callback and promise based workflows

Breaking changes:

• GoogleToken is now a class type, and must be instantiated.
• GoogleToken.expires_at renamed to GoogleToken.expiresAt
• GoogleToken.raw_token renamed to GoogleToken.rawToken
• GoogleToken.token_expires renamed to GoogleToken.tokenExpires