Fetch ID Token for Service Account when running in GCloud
npm install google-sa-id-token
Fetch ID Token for Service Account when running in GCloud. Lib also caches
tokens & auto-refreshes, to improve performance.
By default, tokens will expire 2s earlier that actuall expiry date,
to prevent usage of almost expired token. This behaviour can be changed via options.
``sh`
npm i google-sa-id-token
typescript
import { GoogleSaIdToken } from 'google-sa-id-token';const client = new GoogleSaIdToken();
const token = await client.fetchIdToken(aud);
console.log(token);
// example output
// eyJhbGciOiJSUzI1NiIsImtpZCI6IjAxNWFkMDYwZDJiNDQ1MzU5YzliMTA1ZjgwM2RjNzU4YzI5ZjE5ODJkNjFhMWU0ZjFmZGM4ZjBiN2UyNjVjYzQxZTIwMDVlMjM1YzIxMTQ1IiwidHlwIjoiSldUIn0.eyJhdWQiOiJkZWZhdWx0IiwiYXpwIjoiPGV4YW1wbGUtc2VydmljZS1hY2NvdW50LWlkPiIsImVtYWlsIjoiZXhhbXBsZUBwcm9qZWN0LWlkLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV4cCI6MTY0MjYzMTI0Mzg2MCwiaWF0IjoxNjQyNjI3NjQzODYwLCJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJzdWIiOiI8ZXhhbXBsZS1zZXJ2aWNlLWFjY291bnQtaWQ-In0.+UpJvARVRn6ESlEr+Gyk4VA+QJV6QzqQP1E7gY2u5D3oKgjBzhlWcxmihDCCO3BFnACes4sMG+VXXqmuQW/pjw==
`$3
typescript
import { GoogleSaIdToken } from 'google-sa-id-token';const client = new GoogleSaIdToken({ defaultAudience: aud });
const token = await client.fetchIdToken();
console.log(token);
// example output
// eyJhbGciOiJSUzI1NiIsImtpZCI6IjAxNWFkMDYwZDJiNDQ1MzU5YzliMTA1ZjgwM2RjNzU4YzI5ZjE5ODJkNjFhMWU0ZjFmZGM4ZjBiN2UyNjVjYzQxZTIwMDVlMjM1YzIxMTQ1IiwidHlwIjoiSldUIn0.eyJhdWQiOiJkZWZhdWx0IiwiYXpwIjoiPGV4YW1wbGUtc2VydmljZS1hY2NvdW50LWlkPiIsImVtYWlsIjoiZXhhbXBsZUBwcm9qZWN0LWlkLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV4cCI6MTY0MjYzMTI0Mzg2MCwiaWF0IjoxNjQyNjI3NjQzODYwLCJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJzdWIiOiI8ZXhhbXBsZS1zZXJ2aWNlLWFjY291bnQtaWQ-In0.+UpJvARVRn6ESlEr+Gyk4VA+QJV6QzqQP1E7gY2u5D3oKgjBzhlWcxmihDCCO3BFnACes4sMG+VXXqmuQW/pjw==
`$3
typescript
import { GoogleSaIdToken } from 'google-sa-id-token';const client = new GoogleSaIdToken();
const token = await client.fetchIdTokenDecoded(aud);
console.log(token);
// example output
// {
// raw: "eyJhbGciOiJSUzI1NiIsImtpZCI6IjAxNWFkMDYwZDJiNDQ1MzU5YzliMTA1ZjgwM2RjNzU4YzI5ZjE5ODJkNjFhMWU0ZjFmZGM4ZjBiN2UyNjVjYzQxZTIwMDVlMjM1YzIxMTQ1IiwidHlwIjoiSldUIn0.eyJhdWQiOiJkZWZhdWx0IiwiYXpwIjoiPGV4YW1wbGUtc2VydmljZS1hY2NvdW50LWlkPiIsImVtYWlsIjoiZXhhbXBsZUBwcm9qZWN0LWlkLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV4cCI6MTY0MjYzMTI0Mzg2MCwiaWF0IjoxNjQyNjI3NjQzODYwLCJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJzdWIiOiI8ZXhhbXBsZS1zZXJ2aWNlLWFjY291bnQtaWQ-In0.+UpJvARVRn6ESlEr+Gyk4VA+QJV6QzqQP1E7gY2u5D3oKgjBzhlWcxmihDCCO3BFnACes4sMG+VXXqmuQW/pjw==",
// payload: {
// aud: 'default',
// azp: '',
// email: 'example@project-id.iam.gserviceaccount.com',
// email_verified: true,
// exp: 1642631243860,
// iat: 1642627643860,
// iss: 'https://accounts.google.com',
// sub: ''
// }
// }
`$3
typescript
import { GoogleSaIdToken } from 'google-sa-id-token';const client = new GoogleSaIdToken();
const token = await client.fetchIdTokenNoCache(aud);
console.log(token);
// example output
// {
// raw: ".......",
// payload: {
// ...
// }
// }
`$3
typescript
import { GoogleSaIdToken } from 'google-sa-id-token';const client = new GoogleSaIdToken({ serviceAccountEmail: 'example@project-id.iam.iam.gserviceaccount.com' });
const token = await client.fetchIdTokenNoCache(aud);
`$3
Lib allows you to 'hook in' to different parts of flow,
by providing optional logger instance.
typescript
import { GoogleSaIdToken } from 'google-sa-id-token';const logger = {
info: console.log,
error: console.error,
}
const client = new GoogleSaIdToken({ logger });
const token = await client.fetchIdToken(aud);
// your console logs will be invoked
`$3
typescript
import { GoogleSaIdToken } from 'google-sa-id-token';const client = new GoogleSaIdToken({ tokenExpiryMargin: 10000 / 10 seconds / });
const token = await client.fetchIdTokenNoCache(aud);
`$3
typescript
import { GoogleSaIdToken, decodeSaToken } from 'google-sa-id-token';const client = new GoogleSaIdToken({ tokenExpiryMargin: 10000 / 10 seconds / });
const token = await client.fetchIdTokenNoCache(aud);
// utils
const decoded = decodeSaToken(token);
const sampleToken = generateExampleSaToken({ aud: 'override' });
// testing example with jest
jest
.spyOn(GoogleSaIdToken.prototype, 'fetchIdToken')
.mockResolvedValue(
Promise.resolve(generateExampleSaToken({ aud: 'test' }).raw),
);
``
Bootstrapped with: create-ts-lib-gh
This project is MIT Licensed.