Inheritance
AuthClient
>
OAuth2Client
Package
google-auth-library!
Constructors
(constructor)(options)
constructor(options?: OAuth2ClientOptions);
Handles OAuth2 flow for Google APIs.
Parameter
(constructor)(clientId, clientSecret, redirectUri)
constructor(clientId?: string, clientSecret?: string, redirectUri?: string);
Constructs a new instance of the OAuth2Client
class
Parameters
Name | Description |
clientId |
string
|
clientSecret |
string
|
redirectUri |
string
|
Properties
_clientId
Property Value
_clientSecret
Property Value
apiKey
Property Value
eagerRefreshThresholdMillis
eagerRefreshThresholdMillis: number;
Property Value
forceRefreshOnFailure
forceRefreshOnFailure: boolean;
Property Value
GOOGLE_TOKEN_INFO_URL
protected static readonly GOOGLE_TOKEN_INFO_URL = "https://oauth2.googleapis.com/tokeninfo";
projectId
Property Value
refreshTokenPromises
protected refreshTokenPromises: Map<string, Promise<GetTokenResponse>>;
Property Value
Type | Description |
Map<string, Promise<GetTokenResponse>> | |
Methods
generateAuthUrl(opts)
generateAuthUrl(opts?: GenerateAuthUrlOpts): string;
Generates URL for consent page landing.
Parameter
Returns
generateCodeVerifier()
generateCodeVerifier(): void;
Returns
generateCodeVerifierAsync()
generateCodeVerifierAsync(): Promise<CodeVerifierResults>;
Returns
getAccessToken()
getAccessToken(): Promise<GetAccessTokenResponse>;
Get a non-expired access token, after refreshing if necessary
Returns
Type | Description |
Promise<GetAccessTokenResponse> | |
getAccessToken(callback)
getAccessToken(callback: GetAccessTokenCallback): void;
Parameter
Name | Description |
callback |
GetAccessTokenCallback
|
Returns
getFederatedSignonCerts()
getFederatedSignonCerts(): Promise<FederatedSignonCertsResponse>;
Gets federated sign-on certificates to use for verifying identity tokens. Returns certs as array structure, where keys are key ids, and values are certificates in either PEM or JWK format.
Returns
Type | Description |
Promise<FederatedSignonCertsResponse> | |
getFederatedSignonCerts(callback)
getFederatedSignonCerts(callback: GetFederatedSignonCertsCallback): void;
Parameter
Name | Description |
callback |
GetFederatedSignonCertsCallback
|
Returns
getFederatedSignonCertsAsync()
getFederatedSignonCertsAsync(): Promise<FederatedSignonCertsResponse>;
Returns
Type | Description |
Promise<FederatedSignonCertsResponse> | |
getIapPublicKeys()
getIapPublicKeys(): Promise<IapPublicKeysResponse>;
Gets federated sign-on certificates to use for verifying identity tokens. Returns certs as array structure, where keys are key ids, and values are certificates in either PEM or JWK format.
Returns
Type | Description |
Promise<IapPublicKeysResponse> | |
getIapPublicKeys(callback)
getIapPublicKeys(callback: GetIapPublicKeysCallback): void;
Parameter
Name | Description |
callback |
GetIapPublicKeysCallback
|
Returns
getIapPublicKeysAsync()
getIapPublicKeysAsync(): Promise<IapPublicKeysResponse>;
Returns
Type | Description |
Promise<IapPublicKeysResponse> | |
getRequestHeaders(url?: string): Promise<Headers>;
The main authentication interface. It takes an optional url which when present is the endpoint being accessed, and returns a Promise which resolves with authorization header fields.
In OAuth2Client, the result has the form: { Authorization: 'Bearer <access_token_value>' }
Parameter
Name | Description |
url |
string
The optional url being authorized
|
Returns
Type | Description |
Promise<Headers> | |
protected getRequestMetadataAsync(url?: string | null): Promise<RequestMetadataResponse>;
Parameter
Name | Description |
url |
string | null
|
Returns
Type | Description |
Promise<RequestMetadataResponse> | |
getRevokeTokenUrl(token)
static getRevokeTokenUrl(token: string): string;
Generates an URL to revoke the given token.
Parameter
Name | Description |
token |
string
The existing token to be revoked.
|
Returns
getToken(code)
getToken(code: string): Promise<GetTokenResponse>;
Gets the access token for the given code.
Parameter
Name | Description |
code |
string
The authorization code.
|
Returns
Type | Description |
Promise<GetTokenResponse> | |
getToken(options)
getToken(options: GetTokenOptions): Promise<GetTokenResponse>;
Parameter
Returns
Type | Description |
Promise<GetTokenResponse> | |
getToken(code, callback)
getToken(code: string, callback: GetTokenCallback): void;
Parameters
Name | Description |
code |
string
|
callback |
GetTokenCallback
|
Returns
getToken(options, callback)
getToken(options: GetTokenOptions, callback: GetTokenCallback): void;
Parameters
Returns
getTokenInfo(accessToken)
getTokenInfo(accessToken: string): Promise<TokenInfo>;
Obtains information about the provisioned access token. Especially useful if you want to check the scopes that were provisioned to a given token.
Parameter
Name | Description |
accessToken |
string
Required. The Access Token for which you want to get user info.
|
Returns
isTokenExpiring()
protected isTokenExpiring(): boolean;
Returns true if a token is expired or will expire within eagerRefreshThresholdMillismilliseconds. If there is no expiry time, assumes the token is not expired or expiring.
Returns
refreshAccessToken()
refreshAccessToken(): Promise<RefreshAccessTokenResponse>;
Retrieves the access token using refresh token
Returns
Type | Description |
Promise<RefreshAccessTokenResponse> | |
refreshAccessToken(callback)
refreshAccessToken(callback: RefreshAccessTokenCallback): void;
Parameter
Name | Description |
callback |
RefreshAccessTokenCallback
|
Returns
refreshToken(refreshToken)
protected refreshToken(refreshToken?: string | null): Promise<GetTokenResponse>;
Refreshes the access token.
Parameter
Name | Description |
refreshToken |
string | null
|
Returns
Type | Description |
Promise<GetTokenResponse> | |
refreshTokenNoCache(refreshToken)
protected refreshTokenNoCache(refreshToken?: string | null): Promise<GetTokenResponse>;
Parameter
Name | Description |
refreshToken |
string | null
|
Returns
Type | Description |
Promise<GetTokenResponse> | |
request(opts)
request<T>(opts: GaxiosOptions): GaxiosPromise<T>;
Provides a request implementation with OAuth 2.0 flow. If credentials have a refresh_token, in cases of HTTP 401 and 403 responses, it automatically asks for a new access token and replays the unsuccessful request.
Parameter
Name | Description |
opts |
GaxiosOptions
Request options.
|
Returns
Type | Description |
GaxiosPromise<T> | |
Type Parameter
request(opts, callback)
request<T>(opts: GaxiosOptions, callback: BodyResponseCallback<T>): void;
Parameters
Name | Description |
opts |
GaxiosOptions
|
callback |
BodyResponseCallback<T>
|
Returns
Type Parameter
requestAsync(opts, retry)
protected requestAsync<T>(opts: GaxiosOptions, retry?: boolean): Promise<GaxiosResponse<T>>;
Parameters
Name | Description |
opts |
GaxiosOptions
|
retry |
boolean
|
Returns
Type | Description |
Promise<GaxiosResponse<T>> | |
Type Parameter
revokeCredentials()
revokeCredentials(): GaxiosPromise<RevokeCredentialsResult>;
Revokes access token and clears the credentials object
Returns
Type | Description |
GaxiosPromise<RevokeCredentialsResult> | |
revokeCredentials(callback)
revokeCredentials(callback: BodyResponseCallback<RevokeCredentialsResult>): void;
Parameter
Name | Description |
callback |
BodyResponseCallback<RevokeCredentialsResult>
|
Returns
revokeToken(token)
revokeToken(token: string): GaxiosPromise<RevokeCredentialsResult>;
Revokes the access given to token.
Parameter
Name | Description |
token |
string
The existing token to be revoked.
|
Returns
Type | Description |
GaxiosPromise<RevokeCredentialsResult> | |
revokeToken(token, callback)
revokeToken(token: string, callback: BodyResponseCallback<RevokeCredentialsResult>): void;
Parameters
Name | Description |
token |
string
|
callback |
BodyResponseCallback<RevokeCredentialsResult>
|
Returns
verifyIdToken(options)
verifyIdToken(options: VerifyIdTokenOptions): Promise<LoginTicket>;
Verify id token is token by checking the certs and audience
Parameter
Returns
verifyIdToken(options, callback)
verifyIdToken(options: VerifyIdTokenOptions, callback: (err: Error | null, login?: LoginTicket) => void): void;
Parameters
Returns
verifySignedJwtWithCerts()
verifySignedJwtWithCerts(): void;
Returns
verifySignedJwtWithCertsAsync(jwt, certs, requiredAudience, issuers, maxExpiry)
verifySignedJwtWithCertsAsync(jwt: string, certs: Certificates | PublicKeys, requiredAudience?: string | string[], issuers?: string[], maxExpiry?: number): Promise<LoginTicket>;
Verify the id token is signed with the correct certificate and is from the correct audience.
Parameters
Name | Description |
jwt |
string
The jwt to verify (The ID Token in this case).
|
certs |
Certificates | PublicKeys
The array of certs to test the jwt against.
|
requiredAudience |
string | string[]
The audience to test the jwt against.
|
issuers |
string[]
The allowed issuers of the jwt (Optional).
|
maxExpiry |
number
The max expiry the certificate can be (Optional). Returns a promise resolving to LoginTicket on verification.
|
Returns