Implementation of Google OAuth 2.0 for server-to-server interactions

Meteor Google OAuth JWT

Implementation of Google OAuth 2.0 for server-to-server interactions for Meteor (v0.9.0+).

This library is mostly based on the Google OAuth JWT library by Nicolas Mercier (extrabacon). However, it was rewritten to support the Meteor HTTP package and to work synchronously.

The library generates JWT tokens to establish identity for an API, without an end-user being involved. This is the preferred scenario for server-side communications. It can be used to interact with Google APIs requiring access to user data (such as Google Drive, Calendar, etc.) for which URL-based callbacks and user authorization prompts are not appropriate.

Tokens are generated for a service account, which is created from the Google API console. Service accounts must also be granted access to resources by assigning permissions in the usual way to the service account's unique email address.

The authentication process is implemented following the specifications found here.

This package also integrates with the HTTP package to seamlessly query Google RESTful APIs. The integration requests tokens automatically and provides built-in token caching.

Installation

The Google OAuth JWT package can be installed using the Meteor package system. Just type in the command line:

$ meteor add jagi:google-oauth-jwt

Encoding JWT

You can encode a JSON Web Token (JWT) manually...

var JWT = GoogleOAuthJWT.encodeJWT({
  email: '<google_service_account_email_local_part>@developer.gserviceaccount.com',
  key: Assets.getText('key.pem'), // Get key file from assets
  scopes: [
    'https://www.googleapis.com/auth/plus.profile.emails.read', // New scope name
    'https://www.googleapis.com/auth/userinfo.email' // Old scope name
  ]
});

Requesting access token

... or you can acquire an access token directly.

var accessToken = GoogleOAuthJWT.authenticate({
  email: '<google_service_account_email_local_part>@developer.gserviceaccount.com',
  key: Assets.getText('key.pem'), // Get key file from assets
  scopes: [
    'https://www.googleapis.com/auth/plus.profile.emails.read', // New scope name
    'https://www.googleapis.com/auth/userinfo.email' // Old scope name
  ]
});
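
What the two calls above put on the wire, as an added example in plain Node.js that is not this package's code: it builds the RS256-signed assertion from the same option names (email, key, scopes, sub), verifies it, and forms the token request body. The token endpoint URL, grant type and one-hour lifetime come from Google's service-account documentation rather than this page; the key pair and identities are constructed sample values.

```javascript
const crypto = require('crypto');

// Endpoint and grant type come from Google's service-account documentation, not from this page.
const TOKEN_URL = 'https://oauth2.googleapis.com/token';
const GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:jwt-bearer';

function b64url(input) {
  return Buffer.from(input).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// opts uses the option names shown on this page: email, key (PEM), scopes, sub.
function buildAssertion(opts, nowSeconds) {
  const claims = {
    iss: opts.email,               // the service account is the issuer
    scope: opts.scopes.join(' '),  // space-delimited list of requested scopes
    aud: TOKEN_URL,
    iat: nowSeconds,
    exp: nowSeconds + 3600         // Google accepts at most one hour after iat
  };
  if (opts.sub) claims.sub = opts.sub; // user for whom delegated access is requested
  const signingInput = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' })) +
    '.' + b64url(JSON.stringify(claims));
  const sig = crypto.createSign('RSA-SHA256').update(signingInput).sign(opts.key);
  return signingInput + '.' + b64url(sig);
}

// Returns the claim set if the RS256 signature checks out, otherwise null.
function verifyAssertion(jwt, publicKeyPem) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return null;
  const ok = crypto.createVerify('RSA-SHA256').update(parts[0] + '.' + parts[1])
    .verify(publicKeyPem, Buffer.from(parts[2], 'base64'));
  return ok ? JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8')) : null;
}

// Form body POSTed to TOKEN_URL in exchange for an access token.
function tokenRequestBody(jwt) {
  return new URLSearchParams({ grant_type: GRANT_TYPE, assertion: jwt }).toString();
}

// Constructed sample input: throwaway key pair and placeholder identities.
const pair = crypto.generateKeyPairSync('rsa', { modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
const demoJwt = buildAssertion({ email: 'svc-demo@developer.gserviceaccount.com',
  key: pair.privateKey, scopes: ['https://www.googleapis.com/auth/userinfo.email'],
  sub: 'user@example.com' }, 1700000000);
console.log(verifyAssertion(demoJwt, pair.publicKey));
```

The signature covers the scope and sub claims, so changing either after signing makes verification fail. Whoever holds key.pem can sign assertions for any scope and user the service account is authorized for, so the key file should stay in server-only storage.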

Making HTTP request

The library provides an easy way to make HTTP calls without thinking about access tokens and JWTs. It also caches tokens, which limits the number of calls to the Google servers and makes things faster. For sub (optional), pass in the email address of the user for which the application is requesting delegated access.

HTTPJWT.setJWTOptions({ // Just call this once to set JWT
  email: '<google_service_account_email_local_part>@developer.gserviceaccount.com',
  key: Assets.getText('key.pem'), // Get key file from assets
  scopes: [
    'https://www.googleapis.com/auth/plus.profile.emails.read', // New scope name
    'https://www.googleapis.com/auth/userinfo.email' // Old scope name
  ],
  sub: 'user@example.com'
});

// Accessing endpoints REST api
var url = 'https://<application_name>.appspot.com/_ah/api/<application_name>/<version>/<rest_api>';
var result = HTTPJWT.get(url);

console.log(result.data); // Access your data

You can also call HTTPJWT methods asynchronously.

var url = 'https://<application_name>.appspot.com/_ah/api/<application_name>/<version>/<rest_api>';
var options = {}; // Optional request options
var result = HTTPJWT.get(url, options, function (err, res) {
  // Do something after response
});

// Or just

var result = HTTPJWT.get(url, function (err, res) {
  // Do something after response
});

Key file (*.p12 and *.pem)

You can generate a *.p12 key file by following this instruction. Once you have the *.p12 key file, you have to convert it to *.pem format. Instructions on how to do it can be found here. Note that the password for accessing the key is notasecret.

The key file (*.pem) should be stored inside the private directory in your Meteor project's main directory. Files in this directory are available only to server code and are not served to clients. You can access them using the Assets.getText() and Assets.getBinary() functions, as shown in the example code.

License

MIT
