src/auth/refreshclient.ts
constructor(optionsOrClientId?: string | UserRefreshClientOptions, clientSecret?: string, refreshToken?: string, eagerRefreshThresholdMillis?: number, forceRefreshOnFailure?: boolean)
|
||||||||||||||||||
|
Defined in src/auth/refreshclient.ts:40
|
||||||||||||||||||
|
Parameters :
|
| Optional _refreshToken |
Type : string | null
|
|
Defined in src/auth/refreshclient.ts:29
|
| Optional _clientId |
Type : string
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:417
|
| Optional _clientSecret |
Type : string
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:420
|
| Optional apiKey |
Type : string
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:422
|
| eagerRefreshThresholdMillis |
Type : number
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:426
|
| forceRefreshOnFailure |
Type : boolean
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:428
|
| Optional projectId |
Type : string
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:424
|
| fromJSON | ||||||||
fromJSON(json: JWTInput)
|
||||||||
|
Defined in src/auth/refreshclient.ts:85
|
||||||||
|
Create a UserRefreshClient credentials instance using the given input options.
Parameters :
Returns :
void
|
| fromStream | ||||||||
fromStream(inputStream: stream.Readable)
|
||||||||
|
Defined in src/auth/refreshclient.ts:124
|
||||||||
|
Create a UserRefreshClient credentials instance using the given input stream.
Parameters :
Returns :
Promise<void>
|
| fromStream | |||||||||
fromStream(inputStream: stream.Readable, callback: (err: Error) => void)
|
|||||||||
|
Defined in src/auth/refreshclient.ts:125
|
|||||||||
|
Parameters :
Returns :
void
|
| fromStream | |||||||||
fromStream(inputStream: stream.Readable, callback?: (err?: Error) => void)
|
|||||||||
|
Defined in src/auth/refreshclient.ts:129
|
|||||||||
|
Parameters :
Returns :
void | Promise
|
| generateAuthUrl | ||||||||||
generateAuthUrl(opts: GenerateAuthUrlOpts)
|
||||||||||
|
Inherited from
OAuth2Client
|
||||||||||
|
Defined in
OAuth2Client:522
|
||||||||||
|
Generates URL for consent page landing.
Parameters :
Returns :
string
URL to consent page. |
| generateCodeVerifier |
generateCodeVerifier()
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:539
|
|
Returns :
void
|
| Async generateCodeVerifierAsync |
generateCodeVerifierAsync()
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:555
|
|
Convenience method to automatically generate a code_verifier, and its resulting SHA256. If used, this must be paired with a S256 code_challenge_method. For a full example see: https://github.com/googleapis/google-auth-library-nodejs/blob/master/samples/oauth2-codeVerifier.js
Returns :
Promise<CodeVerifierResults>
|
| getAccessToken | ||||||
getAccessToken(callback?: GetAccessTokenCallback)
|
||||||
|
Inherited from
OAuth2Client
|
||||||
|
Defined in
OAuth2Client:730
|
||||||
|
Parameters :
Returns :
Promise | void
|
| getAccessToken | ||||||
getAccessToken(callback: GetAccessTokenCallback)
|
||||||
|
Inherited from
OAuth2Client
|
||||||
|
Defined in
OAuth2Client:729
|
||||||
|
Parameters :
Returns :
void
|
| getAccessToken |
getAccessToken()
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:728
|
|
Get a non-expired access token, after refreshing if necessary
Returns :
Promise<GetAccessTokenResponse>
|
| getFederatedSignonCerts | ||||||
getFederatedSignonCerts(callback?: GetFederatedSignonCertsCallback)
|
||||||
|
Inherited from
OAuth2Client
|
||||||
|
Defined in
OAuth2Client:1045
|
||||||
|
Parameters :
Returns :
Promise | void
|
| getFederatedSignonCerts | ||||||
getFederatedSignonCerts(callback: GetFederatedSignonCertsCallback)
|
||||||
|
Inherited from
OAuth2Client
|
||||||
|
Defined in
OAuth2Client:1044
|
||||||
|
Parameters :
Returns :
void
|
| getFederatedSignonCerts |
getFederatedSignonCerts()
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:1043
|
|
Gets federated sign-on certificates to use for verifying identity tokens. Returns certs as array structure, where keys are key ids, and values are certificates in either PEM or JWK format.
Returns :
Promise<FederatedSignonCertsResponse>
|
| Async getFederatedSignonCertsAsync |
getFederatedSignonCertsAsync()
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:1058
|
|
Returns :
Promise<FederatedSignonCertsResponse>
|
| getIapPublicKeys | ||||||
getIapPublicKeys(callback?: GetIapPublicKeysCallback)
|
||||||
|
Inherited from
OAuth2Client
|
||||||
|
Defined in
OAuth2Client:1130
|
||||||
|
Parameters :
Returns :
Promise | void
|
| getIapPublicKeys | ||||||
getIapPublicKeys(callback: GetIapPublicKeysCallback)
|
||||||
|
Inherited from
OAuth2Client
|
||||||
|
Defined in
OAuth2Client:1129
|
||||||
|
Parameters :
Returns :
void
|
| getIapPublicKeys |
getIapPublicKeys()
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:1128
|
|
Gets federated sign-on certificates to use for verifying identity tokens. Returns certs as array structure, where keys are key ids, and values are certificates in either PEM or JWK format.
Returns :
Promise<IapPublicKeysResponse>
|
| Async getIapPublicKeysAsync |
getIapPublicKeysAsync()
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:1143
|
|
Returns :
Promise<IapPublicKeysResponse>
|
| Async getRequestHeaders | ||||||||
getRequestHeaders(url?: string)
|
||||||||
|
Inherited from
OAuth2Client
|
||||||||
|
Defined in
OAuth2Client:770
|
||||||||
|
The main authentication interface. It takes an optional url which when present is the endpoint being accessed, and returns a Promise which resolves with authorization header fields. In OAuth2Client, the result has the form:
{ Authorization: 'Bearer
Parameters :
Returns :
Promise<Headers>
|
| Static getRevokeTokenUrl | ||||||||
getRevokeTokenUrl(token: string)
|
||||||||
|
Inherited from
OAuth2Client
|
||||||||
|
Defined in
OAuth2Client:825
|
||||||||
|
Generates an URL to revoke the given token.
Parameters :
Returns :
string
|
| getToken | |||||||||
getToken(codeOrOptions: string | GetTokenOptions, callback?: GetTokenCallback)
|
|||||||||
|
Inherited from
OAuth2Client
|
|||||||||
|
Defined in
OAuth2Client:588
|
|||||||||
|
Parameters :
Returns :
Promise | void
|
| getToken | |||||||||
getToken(code: string, callback: GetTokenCallback)
|
|||||||||
|
Inherited from
OAuth2Client
|
|||||||||
|
Defined in
OAuth2Client:586
|
|||||||||
|
Parameters :
Returns :
void
|
| getToken | ||||||
getToken(options: GetTokenOptions)
|
||||||
|
Inherited from
OAuth2Client
|
||||||
|
Defined in
OAuth2Client:585
|
||||||
|
Parameters :
Returns :
Promise<GetTokenResponse>
|
| getToken | |||||||||
getToken(options: GetTokenOptions, callback: GetTokenCallback)
|
|||||||||
|
Inherited from
OAuth2Client
|
|||||||||
|
Defined in
OAuth2Client:587
|
|||||||||
|
Parameters :
Returns :
void
|
| getToken | ||||||||
getToken(code: string)
|
||||||||
|
Inherited from
OAuth2Client
|
||||||||
|
Defined in
OAuth2Client:584
|
||||||||
|
Gets the access token for the given code.
Parameters :
Returns :
Promise<GetTokenResponse>
|
| Async getTokenInfo | ||||||||
getTokenInfo(accessToken: string)
|
||||||||
|
Inherited from
OAuth2Client
|
||||||||
|
Defined in
OAuth2Client:1016
|
||||||||
|
Obtains information about the provisioned access token. Especially useful if you want to check the scopes that were provisioned to a given token.
Parameters :
Returns :
Promise<TokenInfo>
|
| refreshAccessToken | ||||||
refreshAccessToken(callback: RefreshAccessTokenCallback)
|
||||||
|
Inherited from
OAuth2Client
|
||||||
|
Defined in
OAuth2Client:701
|
||||||
|
Parameters :
Returns :
void
|
| refreshAccessToken |
refreshAccessToken()
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:700
|
|
Retrieves the access token using refresh token
Returns :
Promise<RefreshAccessTokenResponse>
|
| refreshAccessToken | ||||||
refreshAccessToken(callback?: RefreshAccessTokenCallback)
|
||||||
|
Inherited from
OAuth2Client
|
||||||
|
Defined in
OAuth2Client:702
|
||||||
|
Parameters :
Returns :
Promise | void
|
| request | |||||||||
request(opts: GaxiosOptions, callback?: BodyResponseCallback
|
|||||||||
|
Inherited from
OAuth2Client
|
|||||||||
|
Defined in
OAuth2Client:895
|
|||||||||
Type parameters :
|
|||||||||
|
Parameters :
Returns :
GaxiosPromise | void
|
| request | |||||||||
request(opts: GaxiosOptions, callback: BodyResponseCallback
|
|||||||||
|
Inherited from
OAuth2Client
|
|||||||||
|
Defined in
OAuth2Client:894
|
|||||||||
Type parameters :
|
|||||||||
|
Parameters :
Returns :
void
|
| request | ||||||||
request(opts: GaxiosOptions)
|
||||||||
|
Inherited from
OAuth2Client
|
||||||||
|
Defined in
OAuth2Client:893
|
||||||||
Type parameters :
|
||||||||
|
Provides a request implementation with OAuth 2.0 flow. If credentials have a refresh_token, in cases of HTTP 401 and 403 responses, it automatically asks for a new access token and replays the unsuccessful request.
Parameters :
Returns :
GaxiosPromise<T>
Request object |
| revokeCredentials |
revokeCredentials()
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:861
|
|
Revokes access token and clears the credentials object
Returns :
GaxiosPromise<RevokeCredentialsResult>
|
| revokeCredentials | ||||||
revokeCredentials(callback: BodyResponseCallback
|
||||||
|
Inherited from
OAuth2Client
|
||||||
|
Defined in
OAuth2Client:862
|
||||||
|
Parameters :
Returns :
void
|
| revokeCredentials | ||||||
revokeCredentials(callback?: BodyResponseCallback
|
||||||
|
Inherited from
OAuth2Client
|
||||||
|
Defined in
OAuth2Client:865
|
||||||
|
Parameters :
Returns :
GaxiosPromise | void
|
| revokeToken | |||||||||
revokeToken(token: string, callback?: BodyResponseCallback
|
|||||||||
|
Inherited from
OAuth2Client
|
|||||||||
|
Defined in
OAuth2Client:840
|
|||||||||
|
Parameters :
Returns :
GaxiosPromise | void
|
| revokeToken | |||||||||
revokeToken(token: string, callback: BodyResponseCallback
|
|||||||||
|
Inherited from
OAuth2Client
|
|||||||||
|
Defined in
OAuth2Client:836
|
|||||||||
|
Parameters :
Returns :
void
|
| revokeToken | ||||||||
revokeToken(token: string)
|
||||||||
|
Inherited from
OAuth2Client
|
||||||||
|
Defined in
OAuth2Client:835
|
||||||||
|
Revokes the access given to token.
Parameters :
Returns :
GaxiosPromise<RevokeCredentialsResult>
|
| verifyIdToken | |||||||||
verifyIdToken(options: VerifyIdTokenOptions, callback?: (err?: Error | null,login?: LoginTicket) => void)
|
|||||||||
|
Inherited from
OAuth2Client
|
|||||||||
|
Defined in
OAuth2Client:971
|
|||||||||
|
Parameters :
Returns :
void | Promise
|
| verifyIdToken | |||||||||
verifyIdToken(options: VerifyIdTokenOptions, callback: (err: Error | null,login: LoginTicket) => void)
|
|||||||||
|
Inherited from
OAuth2Client
|
|||||||||
|
Defined in
OAuth2Client:967
|
|||||||||
|
Parameters :
Returns :
void
|
| verifyIdToken | ||||||||
verifyIdToken(options: VerifyIdTokenOptions)
|
||||||||
|
Inherited from
OAuth2Client
|
||||||||
|
Defined in
OAuth2Client:966
|
||||||||
|
Verify id token is token by checking the certs and audience
Parameters :
Returns :
Promise<LoginTicket>
|
| verifySignedJwtWithCerts |
verifySignedJwtWithCerts()
|
|
Inherited from
OAuth2Client
|
|
Defined in
OAuth2Client:1157
|
|
Returns :
void
|
| Async verifySignedJwtWithCertsAsync | ||||||||||||||||||||||||
verifySignedJwtWithCertsAsync(jwt: string, certs: Certificates | PublicKeys, requiredAudience?: string | string[], issuers?: string[], maxExpiry?: number)
|
||||||||||||||||||||||||
|
Inherited from
OAuth2Client
|
||||||||||||||||||||||||
|
Defined in
OAuth2Client:1175
|
||||||||||||||||||||||||
|
Verify the id token is signed with the correct certificate and is from the correct audience.
Parameters :
Returns :
{}
Returns a promise resolving to LoginTicket on verification. |
import * as stream from 'stream';
import {JWTInput} from './credentials';
import {GetTokenResponse, OAuth2Client, RefreshOptions} from './oauth2client';
export interface UserRefreshClientOptions extends RefreshOptions {
clientId?: string;
clientSecret?: string;
refreshToken?: string;
}
export class UserRefreshClient extends OAuth2Client {
// TODO: refactor tests to make this private
// In a future gts release, the _propertyName rule will be lifted.
// This is also a hard one because `this.refreshToken` is a function.
_refreshToken?: string | null;
/**
* User Refresh Token credentials.
*
* @param clientId The authentication client ID.
* @param clientSecret The authentication client secret.
* @param refreshToken The authentication refresh token.
*/
constructor(clientId?: string, clientSecret?: string, refreshToken?: string);
constructor(options: UserRefreshClientOptions);
constructor(clientId?: string, clientSecret?: string, refreshToken?: string);
constructor(
optionsOrClientId?: string | UserRefreshClientOptions,
clientSecret?: string,
refreshToken?: string,
eagerRefreshThresholdMillis?: number,
forceRefreshOnFailure?: boolean
) {
const opts =
optionsOrClientId && typeof optionsOrClientId === 'object'
? optionsOrClientId
: {
clientId: optionsOrClientId,
clientSecret,
refreshToken,
eagerRefreshThresholdMillis,
forceRefreshOnFailure,
};
super({
clientId: opts.clientId,
clientSecret: opts.clientSecret,
eagerRefreshThresholdMillis: opts.eagerRefreshThresholdMillis,
forceRefreshOnFailure: opts.forceRefreshOnFailure,
});
this._refreshToken = opts.refreshToken;
this.credentials.refresh_token = opts.refreshToken;
}
/**
* Refreshes the access token.
* @param refreshToken An ignored refreshToken..
* @param callback Optional callback.
*/
protected async refreshTokenNoCache(
// eslint-disable-next-line @typescript-eslint/no-unused-vars
refreshToken?: string | null
): Promise<GetTokenResponse> {
return super.refreshTokenNoCache(this._refreshToken);
}
/**
* Create a UserRefreshClient credentials instance using the given input
* options.
* @param json The input object.
*/
fromJSON(json: JWTInput): void {
if (!json) {
throw new Error(
'Must pass in a JSON object containing the user refresh token'
);
}
if (json.type !== 'authorized_user') {
throw new Error(
'The incoming JSON object does not have the "authorized_user" type'
);
}
if (!json.client_id) {
throw new Error(
'The incoming JSON object does not contain a client_id field'
);
}
if (!json.client_secret) {
throw new Error(
'The incoming JSON object does not contain a client_secret field'
);
}
if (!json.refresh_token) {
throw new Error(
'The incoming JSON object does not contain a refresh_token field'
);
}
this._clientId = json.client_id;
this._clientSecret = json.client_secret;
this._refreshToken = json.refresh_token;
this.credentials.refresh_token = json.refresh_token;
this.quotaProjectId = json.quota_project_id;
}
/**
* Create a UserRefreshClient credentials instance using the given input
* stream.
* @param inputStream The input stream.
* @param callback Optional callback.
*/
fromStream(inputStream: stream.Readable): Promise<void>;
fromStream(
inputStream: stream.Readable,
callback: (err?: Error) => void
): void;
fromStream(
inputStream: stream.Readable,
callback?: (err?: Error) => void
): void | Promise<void> {
if (callback) {
this.fromStreamAsync(inputStream).then(() => callback(), callback);
} else {
return this.fromStreamAsync(inputStream);
}
}
private async fromStreamAsync(inputStream: stream.Readable): Promise<void> {
return new Promise<void>((resolve, reject) => {
if (!inputStream) {
return reject(
new Error('Must pass in a stream containing the user refresh token.')
);
}
let s = '';
inputStream
.setEncoding('utf8')
.on('error', reject)
.on('data', chunk => (s += chunk))
.on('end', () => {
try {
const data = JSON.parse(s);
this.fromJSON(data);
return resolve();
} catch (err) {
return reject(err);
}
});
});
}
}