google-sa-id-token
Version:
Fetch ID Token for Service Account when running in GCloud
43 lines • 1.58 kB
JavaScript
;
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.generateExampleSaToken = exports.randomString = void 0;
const crypto_1 = require("crypto");
const ms_1 = __importDefault(require("ms"));
function randomString(length, encode) {
return (0, crypto_1.randomBytes)(length * 4)
.slice(0, length)
.toString(encode);
}
exports.randomString = randomString;
const millisToSec = (m) => Math.floor(m / 1000);
function generateExampleSaToken(token) {
const header = {
alg: 'RS256',
kid: randomString(40, 'hex'),
typ: 'JWT',
};
const now = Date.now();
const exp = token.exp ? millisToSec(token.exp) : millisToSec(now + (0, ms_1.default)('1h'));
const iat = token.iat ? millisToSec(token.iat) : millisToSec(now);
const payload = {
aud: 'default',
azp: '<example-service-account-id>',
email: 'example@project-id.iam.gserviceaccount.com',
email_verified: true,
iss: 'https://accounts.google.com',
sub: '<example-service-account-id>',
...token,
exp,
iat,
};
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
return {
raw: `${encode(header)}.${encode(payload)}.${randomString(64, 'base64url')}`,
payload,
};
}
exports.generateExampleSaToken = generateExampleSaToken;
//# sourceMappingURL=generate-example-sa-token.js.map