googleworkspace / apps-script-oauth2

An OAuth2 library for Google Apps Script.
https://developers.google.com/apps-script/
Apache License 2.0

Also, this is a service account. I am unsure how that factors into things here. #411

Open freaki7 opened 2 years ago

freaki7 commented 2 years ago

Also, this is a service account. I am unsure how that factors into things here.

Edit:

I'm using service.getIdToken() to retrieve the identity token.

Originally posted by @biowalker in https://github.com/googleworkspace/apps-script-oauth2/issues/322#issuecomment-1290921326

biowalker commented 2 years ago

I am unsure what happened that this got created.... There's more context in the linked comment thread.

Essentially I'm trying to access an identity token for a service account, but getIdToken() is returning undefined. Here's how I'm creating my service:

function getOAuthService(user) {
  const properties = PropertiesService.getScriptProperties();
  const private_key = properties.getProperty("private_key").replace(/\\n/g, "\n");
  const client_email = properties.getProperty("client_email");

  return OAuth2.createService('Service Account')
    .setTokenUrl('https://accounts.google.com/o/oauth2/token')
    .setPrivateKey(private_key)
    .setIssuer(client_email)
    .setScope('openid');
}

shin-t-o commented 1 year ago

Got the same problem. I got access_token via Service.getToken, but it doesn't contain id_token. I need it to access Cloud Functions my-function.

  const service =  OAuth2.createService('CloudFunctions')
    .setTokenUrl('https://accounts.google.com/o/oauth2/token')
    //.setTokenUrl('https://oauth2.googleapis.com/token') // I tried both tokenUrl patterns.
    .setPrivateKey(serviceAccount.private_key)
    .setIssuer(serviceAccount.client_email)
    .setScope('https://www.googleapis.com/auth/cloud-platform openid');

  service.getToken();

And I got the response below.

{
  "access_token": "ya29.c.XXXXXX....",
  "expires_in": 3599,
  "token_type": "Bearer",
  "expiresAt": 1697112737
}

Why can I not get id_token, nor access getIdToken method? https://github.com/googleworkspace/apps-script-oauth2/blob/main/src/Service.js#L516-L537

Khnaz35 commented 1 year ago

try something like


// google-auth-library exports GoogleAuth directly (it has no `google` export).
const {GoogleAuth} = require('google-auth-library');
const SCOPES = ['https://www.googleapis.com/auth/cloud-platform', 'openid'];

async function getIdToken() {
  const auth = new GoogleAuth({
    scopes: SCOPES,
  });
  const authClient = await auth.getClient();
  const idToken = await authClient.idToken;
  return idToken;
}
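
Added example, not part of the thread and not the project's own code: Google's token endpoint returns an id_token for a service-account JWT assertion only when the assertion carries a target_audience claim, which this library can add with setAdditionalClaims. The sketch below is Apps Script; TARGET_AUDIENCE is a placeholder, the service name is arbitrary, and the script property names are the ones used in the first snippet above.

```javascript
// Added example for Google Apps Script with the OAuth2 library loaded as `OAuth2`.
// TARGET_AUDIENCE is a placeholder: the URL of the service that will verify the token.
const TARGET_AUDIENCE = 'https://REGION-PROJECT_ID.cloudfunctions.net/my-function';

function getIdTokenService() {
  const props = PropertiesService.getScriptProperties();
  return OAuth2.createService('ServiceAccountIdToken') // arbitrary service name
    .setTokenUrl('https://oauth2.googleapis.com/token')
    .setPrivateKey(props.getProperty('private_key').replace(/\\n/g, '\n'))
    .setIssuer(props.getProperty('client_email'))
    // A target_audience claim in the signed assertion makes the token endpoint
    // issue an id_token; an assertion with only scopes yields an access_token.
    .setAdditionalClaims({target_audience: TARGET_AUDIENCE})
    .setPropertyStore(props);
}

// Decode the claims segment of a JWT for a local sanity check.
// This does not verify the signature; the receiving service does that.
function decodeJwtClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('Not a JWT');
  const bytes = Utilities.base64DecodeWebSafe(parts[1]);
  return JSON.parse(Utilities.newBlob(bytes).getDataAsString());
}

function fetchIdToken() {
  const service = getIdTokenService();
  if (!service.hasAccess()) {
    throw new Error('Token exchange failed: ' + service.getLastError());
  }
  const idToken = service.getIdToken();
  if (!idToken) throw new Error('Token response contained no id_token');
  // Fail closed if the token was minted for a different audience.
  const claims = decodeJwtClaims(idToken);
  if (claims.aud !== TARGET_AUDIENCE) {
    throw new Error('Unexpected audience: ' + claims.aud);
  }
  return idToken;
}

function callFunction() {
  return UrlFetchApp.fetch(TARGET_AUDIENCE, {
    headers: {Authorization: 'Bearer ' + fetchIdToken()},
    muteHttpExceptions: true
  });
}
```

The ID token is a bearer credential scoped to one audience, so keep the private key in script properties as the thread's snippets do and avoid logging the token itself.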