Inheritance
AuthClient
>
OAuth2Client
Package
google-auth-library
Constructors
(constructor)(options)
constructor(options?: OAuth2ClientOptions);
Handles OAuth2 flow for Google APIs.
(constructor)(clientId, clientSecret, redirectUri)
constructor(clientId?: string, clientSecret?: string, redirectUri?: string);
Constructs a new instance of the OAuth2Client class
| Parameters |
|---|
| Name | Description |
clientId |
string
|
clientSecret |
string
|
redirectUri |
string
|
Properties
_clientId
_clientSecret
apiKey
eagerRefreshThresholdMillis
eagerRefreshThresholdMillis: number;
forceRefreshOnFailure
forceRefreshOnFailure: boolean;
GOOGLE_TOKEN_INFO_URL
protected static readonly GOOGLE_TOKEN_INFO_URL = "https://oauth2.googleapis.com/tokeninfo";
projectId
refreshHandler
refreshHandler?: GetRefreshHandlerCallback;
refreshTokenPromises
protected refreshTokenPromises: Map<string, Promise<GetTokenResponse>>;
Methods
generateAuthUrl(opts)
generateAuthUrl(opts?: GenerateAuthUrlOpts): string;
Generates URL for consent page landing.
| Returns |
|---|
| Type | Description |
string | |
generateCodeVerifier()
generateCodeVerifier(): void;
| Returns |
|---|
| Type | Description |
void | |
generateCodeVerifierAsync()
generateCodeVerifierAsync(): Promise<CodeVerifierResults>;
getAccessToken()
getAccessToken(): Promise<GetAccessTokenResponse>;
Get a non-expired access token, after refreshing if necessary
| Returns |
|---|
| Type | Description |
Promise<GetAccessTokenResponse> | |
getAccessToken(callback)
getAccessToken(callback: GetAccessTokenCallback): void;
| Parameter |
|---|
| Name | Description |
callback |
GetAccessTokenCallback
|
| Returns |
|---|
| Type | Description |
void | |
getFederatedSignonCerts()
getFederatedSignonCerts(): Promise<FederatedSignonCertsResponse>;
Gets federated sign-on certificates to use for verifying identity tokens. Returns certs as array structure, where keys are key ids, and values are certificates in either PEM or JWK format.
| Returns |
|---|
| Type | Description |
Promise<FederatedSignonCertsResponse> | |
getFederatedSignonCerts(callback)
getFederatedSignonCerts(callback: GetFederatedSignonCertsCallback): void;
| Parameter |
|---|
| Name | Description |
callback |
GetFederatedSignonCertsCallback
|
| Returns |
|---|
| Type | Description |
void | |
getFederatedSignonCertsAsync()
getFederatedSignonCertsAsync(): Promise<FederatedSignonCertsResponse>;
| Returns |
|---|
| Type | Description |
Promise<FederatedSignonCertsResponse> | |
getIapPublicKeys()
getIapPublicKeys(): Promise<IapPublicKeysResponse>;
Gets federated sign-on certificates to use for verifying identity tokens. Returns certs as array structure, where keys are key ids, and values are certificates in either PEM or JWK format.
| Returns |
|---|
| Type | Description |
Promise<IapPublicKeysResponse> | |
getIapPublicKeys(callback)
getIapPublicKeys(callback: GetIapPublicKeysCallback): void;
| Parameter |
|---|
| Name | Description |
callback |
GetIapPublicKeysCallback
|
| Returns |
|---|
| Type | Description |
void | |
getIapPublicKeysAsync()
getIapPublicKeysAsync(): Promise<IapPublicKeysResponse>;
| Returns |
|---|
| Type | Description |
Promise<IapPublicKeysResponse> | |
getRequestHeaders(url?: string): Promise<Headers>;
The main authentication interface. It takes an optional url which when present is the endpoint being accessed, and returns a Promise which resolves with authorization header fields.
In OAuth2Client, the result has the form: { Authorization: 'Bearer <access_token_value>' }
| Parameter |
|---|
| Name | Description |
url |
string
The optional url being authorized
|
| Returns |
|---|
| Type | Description |
Promise<Headers> | |
protected getRequestMetadataAsync(url?: string | null): Promise<RequestMetadataResponse>;
| Parameter |
|---|
| Name | Description |
url |
string | null
|
| Returns |
|---|
| Type | Description |
Promise<RequestMetadataResponse> | |
getRevokeTokenUrl(token)
static getRevokeTokenUrl(token: string): string;
Generates an URL to revoke the given token.
| Parameter |
|---|
| Name | Description |
token |
string
The existing token to be revoked.
|
| Returns |
|---|
| Type | Description |
string | |
getToken(code)
getToken(code: string): Promise<GetTokenResponse>;
Gets the access token for the given code.
| Parameter |
|---|
| Name | Description |
code |
string
The authorization code.
|
| Returns |
|---|
| Type | Description |
Promise<GetTokenResponse> | |
getToken(options)
getToken(options: GetTokenOptions): Promise<GetTokenResponse>;
| Returns |
|---|
| Type | Description |
Promise<GetTokenResponse> | |
getToken(code, callback)
getToken(code: string, callback: GetTokenCallback): void;
| Parameters |
|---|
| Name | Description |
code |
string
|
callback |
GetTokenCallback
|
| Returns |
|---|
| Type | Description |
void | |
getToken(options, callback)
getToken(options: GetTokenOptions, callback: GetTokenCallback): void;
| Returns |
|---|
| Type | Description |
void | |
getTokenInfo(accessToken)
getTokenInfo(accessToken: string): Promise<TokenInfo>;
Obtains information about the provisioned access token. Especially useful if you want to check the scopes that were provisioned to a given token.
| Parameter |
|---|
| Name | Description |
accessToken |
string
Required. The Access Token for which you want to get user info.
|
isTokenExpiring()
protected isTokenExpiring(): boolean;
Returns true if a token is expired or will expire within eagerRefreshThresholdMillismilliseconds. If there is no expiry time, assumes the token is not expired or expiring.
| Returns |
|---|
| Type | Description |
boolean | |
refreshAccessToken()
refreshAccessToken(): Promise<RefreshAccessTokenResponse>;
Retrieves the access token using refresh token
| Returns |
|---|
| Type | Description |
Promise<RefreshAccessTokenResponse> | |
refreshAccessToken(callback)
refreshAccessToken(callback: RefreshAccessTokenCallback): void;
| Parameter |
|---|
| Name | Description |
callback |
RefreshAccessTokenCallback
|
| Returns |
|---|
| Type | Description |
void | |
refreshToken(refreshToken)
protected refreshToken(refreshToken?: string | null): Promise<GetTokenResponse>;
Refreshes the access token.
| Parameter |
|---|
| Name | Description |
refreshToken |
string | null
|
| Returns |
|---|
| Type | Description |
Promise<GetTokenResponse> | |
refreshTokenNoCache(refreshToken)
protected refreshTokenNoCache(refreshToken?: string | null): Promise<GetTokenResponse>;
| Parameter |
|---|
| Name | Description |
refreshToken |
string | null
|
| Returns |
|---|
| Type | Description |
Promise<GetTokenResponse> | |
request(opts)
request<T>(opts: GaxiosOptions): GaxiosPromise<T>;
Provides a request implementation with OAuth 2.0 flow. If credentials have a refresh_token, in cases of HTTP 401 and 403 responses, it automatically asks for a new access token and replays the unsuccessful request.
| Parameter |
|---|
| Name | Description |
opts |
GaxiosOptions
Request options.
|
| Returns |
|---|
| Type | Description |
GaxiosPromise<T> | |
| Type Parameter |
|---|
| Name | Description |
T | |
request(opts, callback)
request<T>(opts: GaxiosOptions, callback: BodyResponseCallback<T>): void;
| Parameters |
|---|
| Name | Description |
opts |
GaxiosOptions
|
callback |
BodyResponseCallback<T>
|
| Returns |
|---|
| Type | Description |
void | |
| Type Parameter |
|---|
| Name | Description |
T | |
requestAsync(opts, retry)
protected requestAsync<T>(opts: GaxiosOptions, retry?: boolean): Promise<GaxiosResponse<T>>;
| Parameters |
|---|
| Name | Description |
opts |
GaxiosOptions
|
retry |
boolean
|
| Returns |
|---|
| Type | Description |
Promise<GaxiosResponse<T>> | |
| Type Parameter |
|---|
| Name | Description |
T | |
revokeCredentials()
revokeCredentials(): GaxiosPromise<RevokeCredentialsResult>;
Revokes access token and clears the credentials object
| Returns |
|---|
| Type | Description |
GaxiosPromise<RevokeCredentialsResult> | |
revokeCredentials(callback)
revokeCredentials(callback: BodyResponseCallback<RevokeCredentialsResult>): void;
| Parameter |
|---|
| Name | Description |
callback |
BodyResponseCallback<RevokeCredentialsResult>
|
| Returns |
|---|
| Type | Description |
void | |
revokeToken(token)
revokeToken(token: string): GaxiosPromise<RevokeCredentialsResult>;
Revokes the access given to token.
| Parameter |
|---|
| Name | Description |
token |
string
The existing token to be revoked.
|
| Returns |
|---|
| Type | Description |
GaxiosPromise<RevokeCredentialsResult> | |
revokeToken(token, callback)
revokeToken(token: string, callback: BodyResponseCallback<RevokeCredentialsResult>): void;
| Parameters |
|---|
| Name | Description |
token |
string
|
callback |
BodyResponseCallback<RevokeCredentialsResult>
|
| Returns |
|---|
| Type | Description |
void | |
verifyIdToken(options)
verifyIdToken(options: VerifyIdTokenOptions): Promise<LoginTicket>;
Verify id token is token by checking the certs and audience
verifyIdToken(options, callback)
verifyIdToken(options: VerifyIdTokenOptions, callback: (err: Error | null, login?: LoginTicket) => void): void;
| Returns |
|---|
| Type | Description |
void | |
verifySignedJwtWithCerts()
verifySignedJwtWithCerts(): void;
| Returns |
|---|
| Type | Description |
void | |
verifySignedJwtWithCertsAsync(jwt, certs, requiredAudience, issuers, maxExpiry)
verifySignedJwtWithCertsAsync(jwt: string, certs: Certificates | PublicKeys, requiredAudience?: string | string[], issuers?: string[], maxExpiry?: number): Promise<LoginTicket>;
Verify the id token is signed with the correct certificate and is from the correct audience.
| Parameters |
|---|
| Name | Description |
jwt |
string
The jwt to verify (The ID Token in this case).
|
certs |
Certificates | PublicKeys
The array of certs to test the jwt against.
|
requiredAudience |
string | string[]
The audience to test the jwt against.
|
issuers |
string[]
The allowed issuers of the jwt (Optional).
|
maxExpiry |
number
The max expiry the certificate can be (Optional). Returns a promise resolving to LoginTicket on verification.
|
