Options
All
  • Public
  • Public/Protected
  • All
Menu

Hierarchy

Implements

Index

Constructors

  • Impersonated service account credentials.

    Create a new access token by impersonating another service account.

    Impersonated Credentials allowing credentials issued to a user or service account to impersonate another. The source project using Impersonated Credentials must enable the "IAMCredentials" API. Also, the target service account must grant the orginating principal the "Service Account Token Creator" IAM role.

    Parameters

    Returns Impersonated

Properties

_clientId?: string
_clientSecret?: string
apiKey?: string
credentials: Credentials
eagerRefreshThresholdMillis: number
forceRefreshOnFailure: boolean
projectId?: null | string
quotaProjectId?: string

The quota project ID. The quota project can be used by client libraries for the billing purpose. See Working with quotas

refreshHandler?: GetRefreshHandlerCallback
transporter: Transporter
universeDomain: string

Methods

  • Generates an OpenID Connect ID token for a service account.

    Parameters

    • targetAudience: string

      the audience for the fetched ID token.

    • Optional options: FetchIdTokenOptions

      the for the request

    Returns Promise<string>

    an OpenID Connect ID token

  • Generates URL for consent page landing.

    Parameters

    Returns string

    URL to consent page.

  • generateCodeVerifier(): void
  • Gets federated sign-on certificates to use for verifying identity tokens. Returns certs as array structure, where keys are key ids, and values are certificates in either PEM or JWK format.

    Returns Promise<IapPublicKeysResponse>

  • Parameters

    Returns void

  • getRequestHeaders(url?: string): Promise<Headers>
  • The main authentication interface. It takes an optional url which when present is the endpoint being accessed, and returns a Promise which resolves with authorization header fields.

    In OAuth2Client, the result has the form: { Authorization: 'Bearer ' }

    Parameters

    • Optional url: string

      The optional url being authorized

    Returns Promise<Headers>

  • getTokenInfo(accessToken: string): Promise<TokenInfo>
  • Obtains information about the provisioned access token. Especially useful if you want to check the scopes that were provisioned to a given token.

    Parameters

    • accessToken: string

      Required. The Access Token for which you want to get user info.

    Returns Promise<TokenInfo>

  • Subscribes a listener to the tokens event triggered when a token is generated.

    Parameters

    Returns Impersonated

  • Provides a request implementation with OAuth 2.0 flow. If credentials have a refresh_token, in cases of HTTP 401 and 403 responses, it automatically asks for a new access token and replays the unsuccessful request.

    Type parameters

    • T

    Parameters

    Returns GaxiosPromise<T>

    Request object

  • Type parameters

    • T

    Parameters

    Returns void

  • Sets the auth credentials.

    Parameters

    Returns void

  • verifySignedJwtWithCerts(): void
  • verifySignedJwtWithCertsAsync(jwt: string, certs: Certificates | PublicKeys, requiredAudience?: string | string[], issuers?: string[], maxExpiry?: number): Promise<LoginTicket>
  • Verify the id token is signed with the correct certificate and is from the correct audience.

    Parameters

    • jwt: string

      The jwt to verify (The ID Token in this case).

    • certs: Certificates | PublicKeys

      The array of certs to test the jwt against.

    • Optional requiredAudience: string | string[]

      The audience to test the jwt against.

    • Optional issuers: string[]

      The allowed issuers of the jwt (Optional).

    • Optional maxExpiry: number

      The max expiry the certificate can be (Optional).

    Returns Promise<LoginTicket>

    Returns a promise resolving to LoginTicket on verification.

  • getRevokeTokenUrl(token: string): string
  • Generates an URL to revoke the given token.

    Parameters

    • token: string

      The existing token to be revoked.

    Returns string