google-auth-library
Version:
Google APIs Authentication Client Library for Node.js
120 lines • 4.63 kB
JavaScript
;
/**
* Copyright 2015 Google Inc. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
var jws = require("jws");
var JWTAccess = /** @class */ (function () {
/**
* JWTAccess service account credentials.
*
* Create a new access token by using the credential to create a new JWT token
* that's recognized as the access token.
*
* @param {string=} email the service account email address.
* @param {string=} key the private key that will be used to sign the token.
* @constructor
*/
function JWTAccess(email, key) {
this.email = email;
this.key = key;
}
/**
* Indicates whether the credential requires scopes to be created by calling
* createdScoped before use.
*
* @return {boolean} always false
*/
JWTAccess.prototype.createScopedRequired = function () {
// JWT Header authentication does not use scopes.
return false;
};
/**
* Get a non-expired access token, after refreshing if necessary
*
* @param {string} authURI the URI being authorized
* @param {function} metadataCb a callback invoked with the jwt request metadata.
* @returns a Promise that resolves with the request metadata response
*/
JWTAccess.prototype.getRequestMetadata = function (authURI) {
var iat = Math.floor(new Date().getTime() / 1000);
var exp = iat + 3600; // 3600 seconds = 1 hour
// The payload used for signed JWT headers has:
// iss == sub == <client email>
// aud == <the authorization uri>
var payload = { iss: this.email, sub: this.email, aud: authURI, exp: exp, iat: iat };
var assertion = {
header: { alg: 'RS256' },
payload: payload,
secret: this.key
};
// Sign the jwt and invoke metadataCb with it.
var signedJWT = jws.sign({ header: { alg: 'RS256' }, payload: payload, secret: this.key });
return { headers: { Authorization: 'Bearer ' + signedJWT } };
};
/**
* Create a JWTAccess credentials instance using the given input options.
* @param {object=} json The input object.
*/
JWTAccess.prototype.fromJSON = function (json) {
if (!json) {
throw new Error('Must pass in a JSON object containing the service account auth settings.');
}
if (!json.client_email) {
throw new Error('The incoming JSON object does not contain a client_email field');
}
if (!json.private_key) {
throw new Error('The incoming JSON object does not contain a private_key field');
}
// Extract the relevant information from the json key file.
this.email = json.client_email;
this.key = json.private_key;
this.projectId = json.project_id;
};
JWTAccess.prototype.fromStream = function (inputStream, callback) {
if (callback) {
this.fromStreamAsync(inputStream).then(function (r) { return callback(); }).catch(callback);
}
else {
return this.fromStreamAsync(inputStream);
}
};
JWTAccess.prototype.fromStreamAsync = function (inputStream) {
var _this = this;
return new Promise(function (resolve, reject) {
if (!inputStream) {
reject(new Error('Must pass in a stream containing the service account auth settings.'));
}
var s = '';
inputStream.setEncoding('utf8');
inputStream.on('data', function (chunk) {
s += chunk;
});
inputStream.on('end', function () {
try {
var data = JSON.parse(s);
_this.fromJSON(data);
resolve();
}
catch (err) {
reject(err);
}
});
});
};
return JWTAccess;
}());
exports.JWTAccess = JWTAccess;
//# sourceMappingURL=jwtaccess.js.map