Skip to main content

Notifications

Announcements

No record found.

Small and medium business | Business Central, N...
Suggested answer

Google API token with Service Account

(0) ShareShare
ReportReport
Posted on by 15

Intent: try to upload files to Google Storage Folder

Auth type: google Service Account with Private Key

i have to run the following script to obtain token from google.

This script auto-generates a Google OAuth token from a Service Account key,

* and stores that token in accessToken variable in Postman.

*

* Prior to invoking it, please paste the contents of the key JSON

* into serviceAccountKey variable in a Postman environment.

*

* Then, paste the script into the "Pre-request Script" section

* of a Postman request or collection.

*

* The script will cache and reuse the token until it's within

* a margin of expiration defined in EXPIRES_MARGIN.

*

* Thanks to:

* paw.cloud/.../google-service-apis

* developers.google.com/.../OAuth2ServiceAccount

* gist.github.com/.../b57985b0649d3407a7aa9de1bd327990

* github.com/.../1607

*/

const ENV_SERVICE_ACCOUNT_KEY = 'serviceAccountKey';

const ENV_JS_RSA_SIGN = 'jsrsasign';

const ENV_TOKEN_EXPIRES_AT = 'tokenExpiresAt';

const ENV_ACCESS_TOKEN = 'accessToken';

const JS_RSA_SIGN_SRC = 'kjur.github.io/.../jsrsasign-latest-all-min.js';

const GOOGLE_OAUTH = 'www.googleapis.com/.../token';

// add/remove your own scopes as needed

const SCOPES = [

   'https://www.googleapis.com/auth/cloud-platform'

];

const EXPIRES_MARGIN = 300; // seconds before expiration

const getEnv = name =>

   pm.environment.get(name);

const setEnv = (name, value) =>

   pm.environment.set(name, value);

const getJWS = callback => {

   // workaround for compatibility with jsrsasign

   const navigator = {};

   const window = {};

   let jsrsasign = getEnv(ENV_JS_RSA_SIGN);

   if (jsrsasign) {

       eval(jsrsasign);

       return callback(null, KJUR.jws.JWS);

   }

   pm.sendRequest(JS_RSA_SIGN_SRC, (err, res) => {

       if (err) return callback(err);

       jsrsasign = res.text();

       setEnv(ENV_JS_RSA_SIGN, jsrsasign);

       eval(jsrsasign);

       callback(null, KJUR.jws.JWS);

   });

};

const getJwt = ({ client_email, private_key }, iat, callback) => {

   getJWS((err, JWS) => {

       if (err) return callback(err);

       const header = {

           typ: 'JWT',

           alg: 'RS256',

       };

       const exp = iat + 3600;

       const payload = {

           aud: GOOGLE_OAUTH,

           iss: client_email,

           scope: SCOPES.join(' '),

           iat,

           exp,

       };

       const jwt = JWS.sign(null, header, payload, private_key);

       callback(null, jwt, exp);

   });

};

const getToken = (serviceAccountKey, callback) => {

   const now = Math.floor(Date.now() / 1000);

   if (now + EXPIRES_MARGIN < getEnv(ENV_TOKEN_EXPIRES_AT)) {

       return callback();

   }

   getJwt(serviceAccountKey, now, (err, jwt, exp) => {

       if (err) return callback(err);

       const req = {

           url: GOOGLE_OAUTH,

           method: 'POST',

           header: {

               'Content-Type': 'application/x-www-form-urlencoded',

           },

           body: {

             mode: 'urlencoded',

             urlencoded: [{

                 key: 'grant_type',

                 value: 'urn:ietf:params:oauth:grant-type:jwt-bearer',

             },{

                 key: 'assertion',

                 value: jwt,

             }],

           },

       };

       pm.sendRequest(req, (err, res) => {

           if (err) return callback(err);

           const accessToken = res.json().access_token;

           setEnv(ENV_ACCESS_TOKEN, accessToken);

           setEnv(ENV_TOKEN_EXPIRES_AT, exp);

           callback();

       });

   });

};

const getServiceAccountKey = callback => {

   try {

       const keyMaterial = getEnv(ENV_SERVICE_ACCOUNT_KEY);

       const serviceAccountKey = JSON.parse(keyMaterial);

       callback(null, serviceAccountKey);

   } catch (err) {

       callback(err);

   }

};

getServiceAccountKey((err, serviceAccountKey) => {

   if (err) throw err;

   getToken(serviceAccountKey, err => {

       if (err) throw err;

   });

});

can anyone help me out with the logic and how to query google.

  • Suggested answer
    YUN ZHU Profile Picture
    YUN ZHU 75,595 Super User 2024 Season 2 on at
    RE: Google API token with Service Account

    Hi, hope the following helps.

    https://developers.google.com/drive/api/guides/search-files

    Thanks.

    ZHU

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Congratulations 2024 Spotlight Honorees!

Kudos to all of our 2024 community stars! 🎉

Meet the Top 10 leaders for December!

Congratulations to our December super stars! 🥳

Get Started Blogging in the Community

Hosted or syndicated blogging is available! ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,642 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,371 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans