Class OAuth2Client (9.0.0)

Inheritance

AuthClient > OAuth2Client

Package

google-auth-library

Constructors

(constructor)(options)

constructor(options?: OAuth2ClientOptions);

Handles OAuth2 flow for Google APIs.

Parameter
Name Description
options OAuth2ClientOptions

(constructor)(clientId, clientSecret, redirectUri)

constructor(clientId?: string, clientSecret?: string, redirectUri?: string);

Constructs a new instance of the OAuth2Client class

Parameters
Name Description
clientId string
clientSecret string
redirectUri string

Properties

_clientId

_clientId?: string;

_clientSecret

_clientSecret?: string;

apiKey

apiKey?: string;

eagerRefreshThresholdMillis

eagerRefreshThresholdMillis: number;

forceRefreshOnFailure

forceRefreshOnFailure: boolean;

GOOGLE_TOKEN_INFO_URL

protected static readonly GOOGLE_TOKEN_INFO_URL = "https://oauth2.googleapis.com/tokeninfo";

projectId

projectId?: string;

refreshHandler

refreshHandler?: GetRefreshHandlerCallback;

refreshTokenPromises

protected refreshTokenPromises: Map<string, Promise<GetTokenResponse>>;

Methods

generateAuthUrl(opts)

generateAuthUrl(opts?: GenerateAuthUrlOpts): string;

Generates URL for consent page landing.

Parameter
Name Description
opts GenerateAuthUrlOpts

Options. URL to consent page.
Returns
Type Description
string

generateCodeVerifier()

generateCodeVerifier(): void;
Returns
Type Description
void

generateCodeVerifierAsync()

generateCodeVerifierAsync(): Promise<CodeVerifierResults>;

Convenience method to automatically generate a code_verifier, and its resulting SHA256. If used, this must be paired with a S256 code_challenge_method.

For a full example see: https://github.com/googleapis/google-auth-library-nodejs/blob/main/samples/oauth2-codeVerifier.js

Returns
Type Description
Promise<CodeVerifierResults>

getAccessToken()

getAccessToken(): Promise<GetAccessTokenResponse>;

Get a non-expired access token, after refreshing if necessary

Returns
Type Description
Promise<GetAccessTokenResponse>

getAccessToken(callback)

getAccessToken(callback: GetAccessTokenCallback): void;
Parameter
Name Description
callback GetAccessTokenCallback
Returns
Type Description
void

getFederatedSignonCerts()

getFederatedSignonCerts(): Promise<FederatedSignonCertsResponse>;

Gets federated sign-on certificates to use for verifying identity tokens. Returns certs as array structure, where keys are key ids, and values are certificates in either PEM or JWK format.

Returns
Type Description
Promise<FederatedSignonCertsResponse>

getFederatedSignonCerts(callback)

getFederatedSignonCerts(callback: GetFederatedSignonCertsCallback): void;
Parameter
Name Description
callback GetFederatedSignonCertsCallback
Returns
Type Description
void

getFederatedSignonCertsAsync()

getFederatedSignonCertsAsync(): Promise<FederatedSignonCertsResponse>;
Returns
Type Description
Promise<FederatedSignonCertsResponse>

getIapPublicKeys()

getIapPublicKeys(): Promise<IapPublicKeysResponse>;

Gets federated sign-on certificates to use for verifying identity tokens. Returns certs as array structure, where keys are key ids, and values are certificates in either PEM or JWK format.

Returns
Type Description
Promise<IapPublicKeysResponse>

getIapPublicKeys(callback)

getIapPublicKeys(callback: GetIapPublicKeysCallback): void;
Parameter
Name Description
callback GetIapPublicKeysCallback
Returns
Type Description
void

getIapPublicKeysAsync()

getIapPublicKeysAsync(): Promise<IapPublicKeysResponse>;
Returns
Type Description
Promise<IapPublicKeysResponse>

getRequestHeaders(url)

getRequestHeaders(url?: string): Promise<Headers>;

The main authentication interface. It takes an optional url which when present is the endpoint being accessed, and returns a Promise which resolves with authorization header fields.

In OAuth2Client, the result has the form: { Authorization: 'Bearer <access_token_value>' }

Parameter
Name Description
url string

The optional url being authorized
Returns
Type Description
Promise<Headers>

getRequestMetadataAsync(url)

protected getRequestMetadataAsync(url?: string | null): Promise<RequestMetadataResponse>;
Parameter
Name Description
url string | null
Returns
Type Description
Promise<RequestMetadataResponse>

getRevokeTokenUrl(token)

static getRevokeTokenUrl(token: string): string;

Generates an URL to revoke the given token.

Parameter
Name Description
token string

The existing token to be revoked.
Returns
Type Description
string

getToken(code)

getToken(code: string): Promise<GetTokenResponse>;

Gets the access token for the given code.

Parameter
Name Description
code string

The authorization code.
Returns
Type Description
Promise<GetTokenResponse>

getToken(options)

getToken(options: GetTokenOptions): Promise<GetTokenResponse>;
Parameter
Name Description
options GetTokenOptions
Returns
Type Description
Promise<GetTokenResponse>

getToken(code, callback)

getToken(code: string, callback: GetTokenCallback): void;
Parameters
Name Description
code string
callback GetTokenCallback
Returns
Type Description
void

getToken(options, callback)

getToken(options: GetTokenOptions, callback: GetTokenCallback): void;
Parameters
Name Description
options GetTokenOptions
callback GetTokenCallback
Returns
Type Description
void

getTokenInfo(accessToken)

getTokenInfo(accessToken: string): Promise<TokenInfo>;

Obtains information about the provisioned access token. Especially useful if you want to check the scopes that were provisioned to a given token.

Parameter
Name Description
accessToken string

Required. The Access Token for which you want to get user info.
Returns
Type Description
Promise<TokenInfo>

isTokenExpiring()

protected isTokenExpiring(): boolean;

Returns true if a token is expired or will expire within eagerRefreshThresholdMillismilliseconds. If there is no expiry time, assumes the token is not expired or expiring.

Returns
Type Description
boolean

refreshAccessToken()

refreshAccessToken(): Promise<RefreshAccessTokenResponse>;

Retrieves the access token using refresh token

Returns
Type Description
Promise<RefreshAccessTokenResponse>

refreshAccessToken(callback)

refreshAccessToken(callback: RefreshAccessTokenCallback): void;
Parameter
Name Description
callback RefreshAccessTokenCallback
Returns
Type Description
void

refreshToken(refreshToken)

protected refreshToken(refreshToken?: string | null): Promise<GetTokenResponse>;

Refreshes the access token.

Parameter
Name Description
refreshToken string | null
Returns
Type Description
Promise<GetTokenResponse>

refreshTokenNoCache(refreshToken)

protected refreshTokenNoCache(refreshToken?: string | null): Promise<GetTokenResponse>;
Parameter
Name Description
refreshToken string | null
Returns
Type Description
Promise<GetTokenResponse>

request(opts)

request<T>(opts: GaxiosOptions): GaxiosPromise<T>;

Provides a request implementation with OAuth 2.0 flow. If credentials have a refresh_token, in cases of HTTP 401 and 403 responses, it automatically asks for a new access token and replays the unsuccessful request.

Parameter
Name Description
opts GaxiosOptions

Request options.
Returns
Type Description
GaxiosPromise<T>
Type Parameter
Name Description
T

request(opts, callback)

request<T>(opts: GaxiosOptions, callback: BodyResponseCallback<T>): void;
Parameters
Name Description
opts GaxiosOptions
callback BodyResponseCallback<T>
Returns
Type Description
void
Type Parameter
Name Description
T

requestAsync(opts, retry)

protected requestAsync<T>(opts: GaxiosOptions, retry?: boolean): Promise<GaxiosResponse<T>>;
Parameters
Name Description
opts GaxiosOptions
retry boolean
Returns
Type Description
Promise<GaxiosResponse<T>>
Type Parameter
Name Description
T

revokeCredentials()

revokeCredentials(): GaxiosPromise<RevokeCredentialsResult>;

Revokes access token and clears the credentials object

Returns
Type Description
GaxiosPromise<RevokeCredentialsResult>

revokeCredentials(callback)

revokeCredentials(callback: BodyResponseCallback<RevokeCredentialsResult>): void;
Parameter
Name Description
callback BodyResponseCallback<RevokeCredentialsResult>
Returns
Type Description
void

revokeToken(token)

revokeToken(token: string): GaxiosPromise<RevokeCredentialsResult>;

Revokes the access given to token.

Parameter
Name Description
token string

The existing token to be revoked.
Returns
Type Description
GaxiosPromise<RevokeCredentialsResult>

revokeToken(token, callback)

revokeToken(token: string, callback: BodyResponseCallback<RevokeCredentialsResult>): void;
Parameters
Name Description
token string
callback BodyResponseCallback<RevokeCredentialsResult>
Returns
Type Description
void

verifyIdToken(options)

verifyIdToken(options: VerifyIdTokenOptions): Promise<LoginTicket>;

Verify id token is token by checking the certs and audience

Parameter
Name Description
options VerifyIdTokenOptions

that contains all options.
Returns
Type Description
Promise<LoginTicket>

verifyIdToken(options, callback)

verifyIdToken(options: VerifyIdTokenOptions, callback: (err: Error | null, login?: LoginTicket) => void): void;
Parameters
Name Description
options VerifyIdTokenOptions
callback (err: Error | null, login?: LoginTicket) => void
Returns
Type Description
void

verifySignedJwtWithCerts()

verifySignedJwtWithCerts(): void;
Returns
Type Description
void

verifySignedJwtWithCertsAsync(jwt, certs, requiredAudience, issuers, maxExpiry)

verifySignedJwtWithCertsAsync(jwt: string, certs: Certificates | PublicKeys, requiredAudience?: string | string[], issuers?: string[], maxExpiry?: number): Promise<LoginTicket>;

Verify the id token is signed with the correct certificate and is from the correct audience.

Parameters
Name Description
jwt string

The jwt to verify (The ID Token in this case).
certs Certificates | PublicKeys

The array of certs to test the jwt against.
requiredAudience string | string[]

The audience to test the jwt against.
issuers string[]

The allowed issuers of the jwt (Optional).
maxExpiry number

The max expiry the certificate can be (Optional). Returns a promise resolving to LoginTicket on verification.
Returns
Type Description
Promise<LoginTicket>