OAuth2Client

new OAuth2Client(options, clientSecret, redirectUri)

An OAuth2 Client for Google APIs.

Parameters:

Name	Type	Description
`options`		The OAuth2 Client Options. Passing an `clientId` directly is @DEPRECATED.
`clientSecret`		@DEPRECATED. Provide a `OAuth2ClientOptions` object in the first parameter instead.
`redirectUri`		@DEPRECATED. Provide a `OAuth2ClientOptions` object in the first parameter instead.

Members

CLOCK_SKEW_SECS_

Clock skew - five minutes in seconds

DEFAULT_MAX_TOKEN_LIFETIME_SECS_

The default max Token Lifetime is one day in seconds

GOOGLE_TOKEN_INFO_URL

Methods

generateAuthUrl(opts)

Generates URL for consent page landing.

Parameters:

Name	Type	Description
`opts`		Options.

Returns:

Type	Description
	URL to consent page.

(async) generateCodeVerifierAsync()

Convenience method to automatically generate a code_verifier, and its resulting SHA256. If used, this must be paired with a S256 code_challenge_method.

For a full example see: https://github.com/googleapis/google-auth-library-nodejs/blob/main/samples/oauth2-codeVerifier.js

(async) getRequestHeaders()

The main authentication interface. It takes an optional url which when present is the endpoint being accessed, and returns a Promise which resolves with authorization header fields.

In OAuth2Client, the result has the form: { authorization: 'Bearer <access_token_value>' }

getRevokeTokenURL(token)

Generates a URL to revoke the given token.

Parameters:

Name	Type	Description
`token`		The existing token to be revoked.

(async) getTokenInfo(accessToken)

Obtains information about the provisioned access token. Especially useful if you want to check the scopes that were provisioned to a given token.

Parameters:

Name	Type	Description
`accessToken`		Required. The Access Token for which you want to get user info.

isTokenExpiring()

Returns true if a token is expired or will expire within eagerRefreshThresholdMillismilliseconds. If there is no expiry time, assumes the token is not expired or expiring.

(async) processAndValidateRefreshHandler()

Returns a promise that resolves with AccessTokenResponse type if refreshHandler is defined. If not, nothing is returned.

(async) verifySignedJwtWithCertsAsync(jwt, certs, requiredAudience, issuers, maxExpiry)

Verify the id token is signed with the correct certificate and is from the correct audience.

Parameters:

Name	Type	Description
`jwt`		The jwt to verify (The ID Token in this case).
`certs`		The array of certs to test the jwt against.
`requiredAudience`		The audience to test the jwt against.
`issuers`		The allowed issuers of the jwt (Optional).
`maxExpiry`		The max expiry the certificate can be (Optional).

Returns:

Type	Description
	Returns a promise resolving to LoginTicket on verification.

(static) getRevokeTokenUrl(token)

Generates an URL to revoke the given token.

Deprecated: use instance method OAuth2Client.getRevokeTokenURL

Parameters:

Name	Type	Description
`token`		The existing token to be revoked.