search

googleapis / google-api-nodejs-client

Google's officially supported Node.js client library for accessing Google APIs. Support for authorization and authentication with OAuth 2.0, API Keys and JWT (Service Tokens) is included.
https://googleapis.dev/nodejs/googleapis/latest/
Apache License 2.0
11.34k stars 1.92k forks source link

Documentation required for making requests as a service account #188

Closed nexus-uw closed 10 years ago

nexus-uw commented 10 years ago

Currently, only making requests as the authorized user is documented. I would like to be able to know how to properly make api calls as a service account (aka use jwt authorization). I am currently grasping at straws as every so often the library crashes due to some error in the jwt authorize call, see:

  var ret = this._binding.sign(toBuf(key));  
                          ^
TypeError: Not a buffer  
    at Sign.sign (crypto.js:398:27)  
    at createRS256Signature (..../googleapis/node_modules/gapitoken/node_modules/jws/index.js:75:58)  
    at jwsRS256Sign (.../googleapis/node_modules/gapitoken/node_modules/jws/index.js:68:21)
    at Object.jwsSign [as sign] (.../googleapis/node_modules/gapitoken/node_modules/jws/index.js:32:12)
    at GAPI.getAccessToken (.../googleapis/node_modules/gapitoken/gapitoken.js:56:25)
    at GAPI.getToken (.../googleapis/node_modules/gapitoken/gapitoken.js:35:14)
    at JWT.refreshToken_ (.../googleapis/lib/auth/jwtclient.js:83:13)
    at .../googleapis/lib/auth/jwtclient.js:64:12
    at .../googleapis/node_modules/gapitoken/gapitoken.js:20:17
    at fs.js:266:14```

Thank you,
Simon
rakyll commented 10 years ago

Configure a JWT auth client with your service account email and the pem file that contains your private key. Google Developers Console only provide p12 files, you can convert a p12 to pem with the following command:

openssl pkcs12 -in <key.p12> -nocerts -passin pass:notasecret -nodes -out <key.pem>

Construct a jwt client, and auth your requests.

var jwt = new googleapis.auth.JWT(
        'serviceaccount@email.com',
        '/path/to/key.pem',
        null,
        [scope1, scope2],
        'bar@subjectaccount.com');

client.drive.files.list().withAuthClient(jwt).execute(function(err, files) {

});
nexus-uw commented 10 years ago

thank you

coreybutler commented 9 years ago

I don't think this issue should be closed until there is something about this in the documentation. Had I not hunted through the closed issues, this information would have been lost to me.

ryanseys commented 9 years ago

@coreybutler Added a section to the README: https://github.com/google/google-api-nodejs-client#using-jwt-service-tokens

Let me know if this suits your fancy.

coreybutler commented 9 years ago

@ryanseys - yup, thanks!