XOAuth2 token generation with node.js
Latest commit 168af72 Dec 25, 2016




npm install xoauth2 --save


xoauth2 generates XOAUTH2 login tokens from provided Client and User credentials.

Use xoauth2.createXOAuth2Generator(options) to initialize the token generator.

Possible options values:

See for generating the required credentials

For Google service account the option values are:

  • service (Required) Service account email.
  • user (Required) User e-mail address
  • scope (Required) OAuth2 scope.
  • privateKey (Required) Private key issued for the service account in PEM format, as a string.
  • serviceRequestTimeout (Optional) Expiration value to use in the token request in seconds. Maximum is 3600.
  • accessUrl (Optional) Endpoint for token generation (defaults to
  • accessToken (Optional) initial access token. If not set, a new one will be generated
  • timeout (Optional) TTL in seconds
  • customHeaders (Optional) custom headers to send during token generation request
  • customParams (Optional) custom payload to send on getToken request


Request an access token

Use xoauth2obj.getToken(callback) to get an access token. If a cached token exists and has not expired yet, the cached value is used.

Request for generating a new access token

Use xoauth2obj.generateToken(callback) to get an access token. The cache is not used and a new token is always generated.

Update access token values

Use xoauth2obj.updateToken(accessToken, timeout) to set a new value for the xoauth2 access token. This function emits the 'token' event.


When a new token value is set, a 'token' event is emitted.

xoauth2obj.on("token", function(token){
    console.log("User: ", token.user); // e-mail address
    console.log("New access token: ", token.accessToken);
    console.log("New access token timeout: ", token.timeout); // TTL in seconds
});


var xoauth2 = require("xoauth2"),
    xoauth2gen;

// Generator for a regular user account (client credentials plus refresh token)
xoauth2gen = xoauth2.createXOAuth2Generator({
    user: "",
    clientId: "{Client ID}",
    clientSecret: "{Client Secret}",
    refreshToken: "{User Refresh Token}",
    customHeaders: {
      "HeaderName": "HeaderValue"
    },
    // option name as given in the options list above
    customParams: {
      "payloadParamName": "payloadValue"
    }
});

// ... or for a Google service account
xoauth2gen = xoauth2.createXOAuth2Generator({
    user: "",
    service: '{Service Email Address}',
    scope: '',
    privateKey: '{Private Key in PEM format}'
});

// SMTP/IMAP: token is the ready-to-send XOAUTH2 login token
xoauth2gen.getToken(function(err, token){
    if(err){
        return console.log(err);
    }
    console.log("AUTH XOAUTH2 " + token);
});

// HTTP: accessToken is the bare OAuth2 access token
xoauth2gen.getToken(function(err, token, accessToken){
    if(err){
        return console.log(err);
    }
    console.log("Authorization: Bearer " + accessToken);
});
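
What the login token sent after "AUTH XOAUTH2 " contains, shown as an added example that is not code from the xoauth2 module: it builds and parses the base64 string defined by Google's XOAUTH2 SASL mechanism, and produces a log-safe copy of the object a 'token' event handler receives. All function names and sample values here are hypothetical.

```javascript
// Added example, not part of the xoauth2 module; all function names are hypothetical.

var CTRL = /[\x00-\x1f\x7f]/; // control characters, including the \x01 field separator

// Build the base64 value that follows "AUTH XOAUTH2 " in the SMTP example above.
function buildXOAuth2Token(user, accessToken) {
    // A \x01 inside either value would let it smuggle an extra field into the string.
    if (CTRL.test(user) || CTRL.test(accessToken)) {
        throw new Error("control character in user or access token");
    }
    var raw = "user=" + user + "\x01auth=Bearer " + accessToken + "\x01\x01";
    return Buffer.from(raw, "utf8").toString("base64");
}

// Decode a token back into its fields, rejecting anything that is not exactly that shape.
function parseXOAuth2Token(b64) {
    var raw = Buffer.from(b64, "base64").toString("utf8");
    var m = /^user=([^\x01]*)\x01auth=Bearer ([^\x01]*)\x01\x01$/.exec(raw);
    if (!m) {
        throw new Error("not an XOAUTH2 login token");
    }
    return { user: m[1], accessToken: m[2] };
}

// Log-safe copy of the object passed to a 'token' event handler.
function describeToken(token) {
    var secret = String(token.accessToken);
    // Very short values are hidden completely so the prefix cannot reveal them.
    var masked = secret.length <= 8
        ? "[redacted]"
        : secret.slice(0, 4) + "...[" + secret.length + " chars]";
    return { user: token.user, accessToken: masked, timeout: token.timeout };
}

// Constructed sample values, not real credentials
var sample = buildXOAuth2Token("a@b.c", "tok");
console.log(sample);
console.log(parseXOAuth2Token(sample));
console.log(describeToken({ user: "a@b.c", accessToken: "ya29.constructed-sample", timeout: 3600 }));
```

The base64 layer is an encoding, not protection: anyone who can read the login token can recover the bearer access token, so both values belong out of logs.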


