Also, this is a service account. I am unsure how that factors into things here.

Open freaki7 opened this issue 2 years ago • 3 comments

Also, this is a service account. I am unsure how that factors into things here.

Edit:

I'm using service.getIdToken() to retrieve the identity token.

Originally posted by @biowalker in https://github.com/googleworkspace/apps-script-oauth2/issues/322#issuecomment-1290921326

freaki7 avatar Oct 25 '22 17:10 freaki7

I am unsure what happened that this got created.... There's more context in the linked comment thread.

Essentially I'm trying to access an identity token for a service account, but getIdToken() is returning undefined. Here's how I'm creating my service:

```js
function getOAuthService(user) {
  // Service account credentials are stored as script properties.
  const properties = PropertiesService.getScriptProperties();
  // The stored key contains literal "\n" sequences; turn them into real newlines.
  const private_key = properties.getProperty("private_key").replace(/\\n/g, "\n");
  const client_email = properties.getProperty("client_email");

  return OAuth2.createService('Service Account')
    .setTokenUrl('https://accounts.google.com/o/oauth2/token')
    .setPrivateKey(private_key)
    .setIssuer(client_email)
    .setScope('openid');
}
```

biowalker avatar Oct 25 '22 18:10 biowalker

Got the same problem. I got access_token via Service.getToken, but it doesn't contain id_token. I need it to access Cloud Functions my-function.

```js
const service = OAuth2.createService('CloudFunctions')
  .setTokenUrl('https://accounts.google.com/o/oauth2/token')
  //.setTokenUrl('https://oauth2.googleapis.com/token') // I tried both tokenUrl patterns.
  .setPrivateKey(serviceAccount.private_key)
  .setIssuer(serviceAccount.client_email)
  .setScope('https://www.googleapis.com/auth/cloud-platform openid');

service.getToken();
```

And I got the below:

```json
{
  "access_token": "ya29.c.XXXXXX....",
  "expires_in": 3599,
  "token_type": "Bearer",
  "expiresAt": 1697112737
}
```

Why can I not get id_token, nor access the getIdToken method? https://github.com/googleworkspace/apps-script-oauth2/blob/main/src/Service.js#L516-L537

shin-t-o avatar Oct 12 '23 11:10 shin-t-o

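Try something like:

```js
// Node.js code using google-auth-library (not Apps Script).
const {GoogleAuth} = require('google-auth-library');
const SCOPES = ['https://www.googleapis.com/auth/cloud-platform', 'openid'];

// targetAudience: URL of the service the ID token is minted for.
async function getIdToken(targetAudience) {
  const auth = new GoogleAuth({
    scopes: SCOPES,
  });
  // An ID token client fetches ID tokens for the given audience.
  const authClient = await auth.getIdTokenClient(targetAudience);
  const idToken = await authClient.idTokenProvider.fetchIdToken(targetAudience);
  return idToken;
}
```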

Khnaz35 avatar Oct 12 '23 14:10 Khnaz35
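
The responses quoted in this thread contain only an access token because the signed service-account assertion carried a `scope` claim; Google's token endpoint returns an `id_token` when the assertion carries a `target_audience` claim instead. The following Node.js sketch is an added example, not code from the thread or from apps-script-oauth2: it builds both assertions offline and shows the difference. The key pair, service account name and function URL are constructed placeholders, and `buildAssertion`, `inspectAssertion` and `tokenRequestBody` are hypothetical helper names.

```javascript
const crypto = require('node:crypto');

const TOKEN_URL = 'https://oauth2.googleapis.com/token';
const b64url = (data) => Buffer.from(data).toString('base64url');

// Build the RS256-signed JWT assertion a service account posts to the token endpoint.
// extraClaims decides the result: {scope} asks for an access token,
// {target_audience} asks for an ID token minted for that audience.
function buildAssertion(clientEmail, privateKeyPem, extraClaims, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = { iss: clientEmail, aud: TOKEN_URL, iat: now, exp: now + 3600, ...extraClaims };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKeyPem);
  return `${signingInput}.${b64url(signature)}`;
}

// Verify the signature and report which token type the claims request.
// (An assertion carrying both scope and target_audience is not covered here.)
function inspectAssertion(jwt, publicKeyPem) {
  const [head, payload, sig] = jwt.split('.');
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${head}.${payload}`),
    publicKeyPem, Buffer.from(sig, 'base64url'));
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  return { valid, claims, requests: 'target_audience' in claims ? 'id_token' : 'access_token' };
}

// Form body for the JWT-bearer grant (RFC 7523) that carries the assertion.
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion,
  }).toString();
}

// Constructed sample data: throwaway key pair, placeholder account and function URL.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const SERVICE_ACCOUNT = 'example-sa@example-project.iam.gserviceaccount.com';
const AUDIENCE = 'https://REGION-PROJECT.cloudfunctions.net/my-function';

const scoped = buildAssertion(SERVICE_ACCOUNT, privateKey, { scope: 'https://www.googleapis.com/auth/cloud-platform openid' });
const audienced = buildAssertion(SERVICE_ACCOUNT, privateKey, { target_audience: AUDIENCE });
console.log(inspectAssertion(scoped, publicKey).requests);    // access_token
console.log(inspectAssertion(audienced, publicKey).requests); // id_token
```

With apps-script-oauth2, the same claim can be added through the library's `setAdditionalClaims({target_audience: ...})` in place of `setScope(...)`, after which `getIdToken()` reads the `id_token` field of the response.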