Class OAuth2Client (8.5.2)

Inheritance

EventEmitter > AuthClient > OAuth2Client

Package

google-auth-library

Constructors

(constructor)(options)

constructor(options?: OAuth2ClientOptions);

Handles OAuth2 flow for Google APIs.

Parameter
NameDescription
options OAuth2ClientOptions

(constructor)(clientId, clientSecret, redirectUri)

constructor(clientId?: string, clientSecret?: string, redirectUri?: string);

Constructs a new instance of the OAuth2Client class

Parameters
NameDescription
clientId string
clientSecret string
redirectUri string

Properties

_clientId

_clientId?: string;

_clientSecret

_clientSecret?: string;

apiKey

apiKey?: string;

eagerRefreshThresholdMillis

eagerRefreshThresholdMillis: number;

forceRefreshOnFailure

forceRefreshOnFailure: boolean;

GOOGLE_TOKEN_INFO_URL

protected static readonly GOOGLE_TOKEN_INFO_URL = "https://oauth2.googleapis.com/tokeninfo";

projectId

projectId?: string;

refreshHandler

refreshHandler?: GetRefreshHandlerCallback;

refreshTokenPromises

protected refreshTokenPromises: Map<string, Promise<GetTokenResponse>>;

Methods

generateAuthUrl(opts)

generateAuthUrl(opts?: GenerateAuthUrlOpts): string;

Generates URL for consent page landing.

Parameter
NameDescription
opts GenerateAuthUrlOpts

Options. URL to consent page.

Returns
TypeDescription
string

generateCodeVerifier()

generateCodeVerifier(): void;
Returns
TypeDescription
void

generateCodeVerifierAsync()

generateCodeVerifierAsync(): Promise<CodeVerifierResults>;

Convenience method to automatically generate a code_verifier, and its resulting SHA256. If used, this must be paired with a S256 code_challenge_method.

For a full example see: https://github.com/googleapis/google-auth-library-nodejs/blob/main/samples/oauth2-codeVerifier.js

Returns
TypeDescription
Promise<CodeVerifierResults>

getAccessToken()

getAccessToken(): Promise<GetAccessTokenResponse>;

Get a non-expired access token, after refreshing if necessary

Returns
TypeDescription
Promise<GetAccessTokenResponse>

getAccessToken(callback)

getAccessToken(callback: GetAccessTokenCallback): void;
Parameter
NameDescription
callback GetAccessTokenCallback
Returns
TypeDescription
void

getFederatedSignonCerts()

getFederatedSignonCerts(): Promise<FederatedSignonCertsResponse>;

Gets federated sign-on certificates to use for verifying identity tokens. Returns certs as array structure, where keys are key ids, and values are certificates in either PEM or JWK format.

Returns
TypeDescription
Promise<FederatedSignonCertsResponse>

getFederatedSignonCerts(callback)

getFederatedSignonCerts(callback: GetFederatedSignonCertsCallback): void;
Parameter
NameDescription
callback GetFederatedSignonCertsCallback
Returns
TypeDescription
void

getFederatedSignonCertsAsync()

getFederatedSignonCertsAsync(): Promise<FederatedSignonCertsResponse>;
Returns
TypeDescription
Promise<FederatedSignonCertsResponse>

getIapPublicKeys()

getIapPublicKeys(): Promise<IapPublicKeysResponse>;

Gets federated sign-on certificates to use for verifying identity tokens. Returns certs as array structure, where keys are key ids, and values are certificates in either PEM or JWK format.

Returns
TypeDescription
Promise<IapPublicKeysResponse>

getIapPublicKeys(callback)

getIapPublicKeys(callback: GetIapPublicKeysCallback): void;
Parameter
NameDescription
callback GetIapPublicKeysCallback
Returns
TypeDescription
void

getIapPublicKeysAsync()

getIapPublicKeysAsync(): Promise<IapPublicKeysResponse>;
Returns
TypeDescription
Promise<IapPublicKeysResponse>

getRequestHeaders(url)

getRequestHeaders(url?: string): Promise<Headers>;

The main authentication interface. It takes an optional url which when present is the endpoint being accessed, and returns a Promise which resolves with authorization header fields.

In OAuth2Client, the result has the form: { Authorization: 'Bearer <access_token_value>' }

Parameter
NameDescription
url string

The optional url being authorized

Returns
TypeDescription
Promise<Headers>

getRequestMetadataAsync(url)

protected getRequestMetadataAsync(url?: string | null): Promise<RequestMetadataResponse>;
Parameter
NameDescription
url string | null
Returns
TypeDescription
Promise<RequestMetadataResponse>

getRevokeTokenUrl(token)

static getRevokeTokenUrl(token: string): string;

Generates an URL to revoke the given token.

Parameter
NameDescription
token string

The existing token to be revoked.

Returns
TypeDescription
string

getToken(code)

getToken(code: string): Promise<GetTokenResponse>;

Gets the access token for the given code.

Parameter
NameDescription
code string

The authorization code.

Returns
TypeDescription
Promise<GetTokenResponse>

getToken(options)

getToken(options: GetTokenOptions): Promise<GetTokenResponse>;
Parameter
NameDescription
options GetTokenOptions
Returns
TypeDescription
Promise<GetTokenResponse>

getToken(code, callback)

getToken(code: string, callback: GetTokenCallback): void;
Parameters
NameDescription
code string
callback GetTokenCallback
Returns
TypeDescription
void

getToken(options, callback)

getToken(options: GetTokenOptions, callback: GetTokenCallback): void;
Parameters
NameDescription
options GetTokenOptions
callback GetTokenCallback
Returns
TypeDescription
void

getTokenInfo(accessToken)

getTokenInfo(accessToken: string): Promise<TokenInfo>;

Obtains information about the provisioned access token. Especially useful if you want to check the scopes that were provisioned to a given token.

Parameter
NameDescription
accessToken string

Required. The Access Token for which you want to get user info.

Returns
TypeDescription
Promise<TokenInfo>

isTokenExpiring()

protected isTokenExpiring(): boolean;

Returns true if a token is expired or will expire within eagerRefreshThresholdMillismilliseconds. If there is no expiry time, assumes the token is not expired or expiring.

Returns
TypeDescription
boolean

refreshAccessToken()

refreshAccessToken(): Promise<RefreshAccessTokenResponse>;

Retrieves the access token using refresh token

Returns
TypeDescription
Promise<RefreshAccessTokenResponse>

refreshAccessToken(callback)

refreshAccessToken(callback: RefreshAccessTokenCallback): void;
Parameter
NameDescription
callback RefreshAccessTokenCallback
Returns
TypeDescription
void

refreshToken(refreshToken)

protected refreshToken(refreshToken?: string | null): Promise<GetTokenResponse>;

Refreshes the access token.

Parameter
NameDescription
refreshToken string | null
Returns
TypeDescription
Promise<GetTokenResponse>

refreshTokenNoCache(refreshToken)

protected refreshTokenNoCache(refreshToken?: string | null): Promise<GetTokenResponse>;
Parameter
NameDescription
refreshToken string | null
Returns
TypeDescription
Promise<GetTokenResponse>

request(opts)

request<T>(opts: GaxiosOptions): GaxiosPromise<T>;

Provides a request implementation with OAuth 2.0 flow. If credentials have a refresh_token, in cases of HTTP 401 and 403 responses, it automatically asks for a new access token and replays the unsuccessful request.

Parameter
NameDescription
opts GaxiosOptions

Request options.

Returns
TypeDescription
GaxiosPromise<T>
Type Parameter
NameDescription
T

request(opts, callback)

request<T>(opts: GaxiosOptions, callback: BodyResponseCallback<T>): void;
Parameters
NameDescription
opts GaxiosOptions
callback BodyResponseCallback<T>
Returns
TypeDescription
void
Type Parameter
NameDescription
T

requestAsync(opts, retry)

protected requestAsync<T>(opts: GaxiosOptions, retry?: boolean): Promise<GaxiosResponse<T>>;
Parameters
NameDescription
opts GaxiosOptions
retry boolean
Returns
TypeDescription
Promise<GaxiosResponse<T>>
Type Parameter
NameDescription
T

revokeCredentials()

revokeCredentials(): GaxiosPromise<RevokeCredentialsResult>;

Revokes access token and clears the credentials object

Returns
TypeDescription
GaxiosPromise<RevokeCredentialsResult>

revokeCredentials(callback)

revokeCredentials(callback: BodyResponseCallback<RevokeCredentialsResult>): void;
Parameter
NameDescription
callback BodyResponseCallback<RevokeCredentialsResult>
Returns
TypeDescription
void

revokeToken(token)

revokeToken(token: string): GaxiosPromise<RevokeCredentialsResult>;

Revokes the access given to token.

Parameter
NameDescription
token string

The existing token to be revoked.

Returns
TypeDescription
GaxiosPromise<RevokeCredentialsResult>

revokeToken(token, callback)

revokeToken(token: string, callback: BodyResponseCallback<RevokeCredentialsResult>): void;
Parameters
NameDescription
token string
callback BodyResponseCallback<RevokeCredentialsResult>
Returns
TypeDescription
void

verifyIdToken(options)

verifyIdToken(options: VerifyIdTokenOptions): Promise<LoginTicket>;

Verify id token is token by checking the certs and audience

Parameter
NameDescription
options VerifyIdTokenOptions

that contains all options.

Returns
TypeDescription
Promise<LoginTicket>

verifyIdToken(options, callback)

verifyIdToken(options: VerifyIdTokenOptions, callback: (err: Error | null, login?: LoginTicket) => void): void;
Parameters
NameDescription
options VerifyIdTokenOptions
callback (err: Error | null, login?: LoginTicket) => void
Returns
TypeDescription
void

verifySignedJwtWithCerts()

verifySignedJwtWithCerts(): void;
Returns
TypeDescription
void

verifySignedJwtWithCertsAsync(jwt, certs, requiredAudience, issuers, maxExpiry)

verifySignedJwtWithCertsAsync(jwt: string, certs: Certificates | PublicKeys, requiredAudience?: string | string[], issuers?: string[], maxExpiry?: number): Promise<LoginTicket>;

Verify the id token is signed with the correct certificate and is from the correct audience.

Parameters
NameDescription
jwt string

The jwt to verify (The ID Token in this case).

certs Certificates | PublicKeys

The array of certs to test the jwt against.

requiredAudience string | string[]

The audience to test the jwt against.

issuers string[]

The allowed issuers of the jwt (Optional).

maxExpiry number

The max expiry the certificate can be (Optional). Returns a promise resolving to LoginTicket on verification.

Returns
TypeDescription
Promise<LoginTicket>