Implementation of Google OAuth 2.0 for server-to-server interactions for Meteor (v0.9.0+).
This library is mostly based on the Google OAuth JWT library by Nicolas Mercier (extrabacon). However, it was rewritten to support the Meteor HTTP package and to work synchronously.
The library generates JWT tokens to establish identity for an API, without an end-user being involved. This is the preferred scenario for server-side communications. It can be used to interact with Google APIs requiring access to user data (such as Google Drive, Calendar, etc.) for which URL-based callbacks and user authorization prompts are not appropriate.
Tokens are generated for a service account, which is created from the Google API console. A service account must also be granted access to resources, by assigning permissions to its unique service account email address in the usual way.
The authentication process is implemented following the specifications found here.
This package also integrates with the HTTP package to seamlessly query Google RESTful APIs. The integration requests tokens automatically and provides built-in token caching.
The Google OAuth JWT package can be installed using the Meteor package system. Just type on the command line:
$ meteor add jagi:google-oauth-jwt
You can encode JSON Web Token (JWT) manually...
var JWT = GoogleOAuthJWT.encodeJWT({
  email: '<google_service_account_email_local_part>@developer.gserviceaccount.com',
  key: Assets.getText('key.pem'), // Get key file from assets
  scopes: [
    'https://www.googleapis.com/auth/plus.profile.emails.read', // New scope name
    'https://www.googleapis.com/auth/userinfo.email' // Old scope name
  ]
});
... or you can acquire an access token directly.
var accessToken = GoogleOAuthJWT.authenticate({
  email: '<google_service_account_email_local_part>@developer.gserviceaccount.com',
  key: Assets.getText('key.pem'), // Get key file from assets
  scopes: [
    'https://www.googleapis.com/auth/plus.profile.emails.read', // New scope name
    'https://www.googleapis.com/auth/userinfo.email' // Old scope name
  ]
});
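What the two calls above produce, as an added example that is not the package's own code: the signed assertion and the token request body defined by Google's service-account flow. The function names, the token endpoint used as `aud`, and the throwaway key pair and addresses are assumptions made for the illustration.

```javascript
// Added example (not the package's source); uses only Node's built-in modules.
const crypto = require('crypto');

const TOKEN_URL = 'https://oauth2.googleapis.com/token'; // assumed audience
const b64url = (v) => Buffer.from(v).toString('base64url');

// Build and sign the assertion; `opts` mirrors the options used on this page.
function buildAssertion(opts, nowSec) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = {
    iss: opts.email,               // service account identity
    scope: opts.scopes.join(' '),  // scopes are sent space-delimited
    aud: TOKEN_URL,
    iat: nowSec,
    exp: nowSec + 3600             // Google caps the lifetime at one hour
  };
  if (opts.sub) claims.sub = opts.sub; // delegated user, only when requested
  const input = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), opts.key);
  return input + '.' + sig.toString('base64url');
}

// Verify the signature and return the claims, e.g. to audit what a job sends.
function inspectAssertion(jwt, publicKey) {
  const [h, c, s] = jwt.split('.');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(h + '.' + c), publicKey,
    Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('signature mismatch');
  return JSON.parse(Buffer.from(c, 'base64url').toString('utf8'));
}

// Form body of the token request (JWT bearer grant); nothing is sent here.
function tokenRequestBody(jwt) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion: jwt
  }).toString();
}

// Constructed sample input: throwaway key pair and placeholder addresses.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sample = {
  email: 'svc-placeholder@developer.gserviceaccount.com',
  key: privateKey, // a PEM string such as Assets.getText('key.pem') also works
  scopes: ['https://www.googleapis.com/auth/userinfo.email'],
  sub: 'user@example.com'
};
const sampleJwt = buildAssertion(sample, 1700000000);
console.log(inspectAssertion(sampleJwt, publicKey));
```

The only secret in this exchange is the private key: whoever holds key.pem can sign an assertion for any scope the service account has been granted.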
The library provides an easy way to make HTTP calls without thinking about access tokens and JWTs. It also supports caching, which limits the number of calls to the Google servers and makes things faster. The optional sub option takes the email address of the user for whom the application is requesting delegated access.
HTTPJWT.setJWTOptions({ // Just call this once to set JWT
  email: '<google_service_account_email_local_part>@developer.gserviceaccount.com',
  key: Assets.getText('key.pem'), // Get key file from assets
  scopes: [
    'https://www.googleapis.com/auth/plus.profile.emails.read', // New scope name
    'https://www.googleapis.com/auth/userinfo.email' // Old scope name
  ],
  sub: 'user@example.com'
});
// Accessing a REST API endpoint
var url = 'https://<application_name>.appspot.com/_ah/api/<application_name>/<version>/<rest_api>';
var result = HTTPJWT.get(url);
console.log(result.data); // Access your data
You can also call HTTPJWT methods asynchronously.
var url = 'https://<application_name>.appspot.com/_ah/api/<application_name>/<version>/<rest_api>';
var options = {}; // Request options passed as the second argument
var result = HTTPJWT.get(url, options, function (err, res) {
  // Do something after response
});
// Or just
var result = HTTPJWT.get(url, function (err, res) {
  // Do something after response
});
You can generate a *.p12 key file by following this instruction. Once you have the *.p12 key file, you have to convert it to *.pem format. Instructions for doing so can be found here. Note that the password for accessing the key is notasecret.
The key file (*.pem) should be stored inside the private directory in your Meteor project's main directory. You can access files in this directory by using the Assets.getText() and Assets.getBinary() functions, as shown in the code examples.
MIT