google-auth-library

What is google-auth-library?

The google-auth-library npm package is a comprehensive library for OAuth2 and Google Sign-in authentication for Node.js applications. It provides easy-to-use methods to authenticate users, obtain access tokens, and interact with Google APIs.

What are google-auth-library's main functionalities?

OAuth2 Client

This feature allows you to create an OAuth2 client, generate an authentication URL, and exchange an authorization code for an access token.

const { OAuth2Client } = require('google-auth-library');
const oAuth2Client = new OAuth2Client(CLIENT_ID, CLIENT_SECRET, REDIRECT_URI);
// Generate an authentication URL
const authUrl = oAuth2Client.generateAuthUrl({
  access_type: 'offline',
  scope: ['https://www.googleapis.com/auth/drive']
});
// Exchange authorization code for access token
oAuth2Client.getToken(code, (err, token) => {
  if (err) return console.error('Error retrieving access token', err);
  oAuth2Client.setCredentials(token);
});

Google Sign-in

This feature allows you to verify the Google ID token for Google Sign-in and retrieve user information from the payload.

const { OAuth2Client } = require('google-auth-library');
const client = new OAuth2Client(CLIENT_ID);
async function verify() {
  const ticket = await client.verifyIdToken({
      idToken: token,
      audience: CLIENT_ID
  });
  const payload = ticket.getPayload();
  const userid = payload['sub'];
}
verify().catch(console.error);

Application Default Credentials

This feature allows you to authenticate using the default credentials that Google provides for applications running on Google Cloud Platform or elsewhere.

const { google } = require('google-auth-library');
async function main() {
  const auth = new google.auth.GoogleAuth({
    scopes: 'https://www.googleapis.com/auth/cloud-platform'
  });
  const client = await auth.getClient();
  const projectId = await auth.getProjectId();
  const url = `https://dns.googleapis.com/dns/v1/projects/${projectId}`;
  const res = await client.request({ url });
  console.log(res.data);
}
main().catch(console.error);

Other packages similar to google-auth-library

passport-google-oauth20

This package is a strategy for Passport.js that allows you to authenticate users using Google OAuth 2.0. It is similar to google-auth-library in that it provides OAuth2 functionality, but it is specifically designed to work within the Passport.js middleware pattern.

node-oauth2-server

node-oauth2-server is a library that allows you to implement an OAuth2 server in Node.js applications. It differs from google-auth-library as it is not specific to Google's OAuth2 implementation and can be used to create a custom OAuth2 service.

README

Google APIs Node.js Client

This is Google's officially supported node.js client library for using OAuth 2.0 authorization and authentication with Google APIs.

Questions/problems?

• Ask your development related questions on
• If you've found an bug/issue, please file it on GitHub.

Installation

This library is distributed on npm. To add it as a dependency, run the following command:

$ npm install google-auth-library --save

Application Default Credentials

This library provides an implementation of Application Default Credentials for Node.js.

The Application Default Credentials provide a simple way to get authorization credentials for use in calling Google APIs.

They are best suited for cases when the call needs to have the same identity and authorization level for the application independent of the user. This is the recommended approach to authorize calls to Cloud APIs, particularly when you're building an application that uses Google Compute Engine.

Download your Service Account Credentials JSON file

To use Application Default Credentials, You first need to download a set of JSON credentials for your project. Go to APIs & Auth > Credentials in the Google Developers Console and select Service account from the Add credentials dropdown.

This file is your only copy of these credentials. It should never be committed with your source code, and should be stored securely.

Once downloaded, store the path to this file in the GOOGLE_APPLICATION_CREDENTIALS environment variable.

Enable the API you want to use

Before making your API call, you must be sure the API you're calling has been enabled. Go to APIs & Auth > APIs in the Google Developers Console and enable the APIs you'd like to call. For the example below, you must enable the DNS API.

Call an API

As long as you update the environment variable below to point to your JSON credentials file, and the fill in the placeholder variables from your project, the following snippet should work.

var google = require('googleapis');
var GoogleAuth = require('google-auth-library');

var authFactory = new GoogleAuth();
var dns = google.dns('v1');

authFactory.getApplicationDefault(function(err, authClient) {
  if (err) {
    console.log('Authentication failed because of ', err);
    return;
  }
  if (authClient.createScopedRequired && authClient.createScopedRequired()) {
    var scopes = ['https://www.googleapis.com/auth/cloud-platform'];
    authClient = authClient.createScoped(scopes);
  }

  var request = {
    // TODO: Change placeholders below to values for parameters to the 'get' method:

    // Identifies the project addressed by this request.
    project: "",
    // Identifies the managed zone addressed by this request. Can be the managed zone name or id.
    managedZone: "",
    // The identifier of the requested change, from a previous ResourceRecordSetsChangeResponse.
    changeId: "",
    // Auth client
    auth: authClient
  };

  dns.changes.get(request, function(err, result) {
    if (err) {
      console.log(err);
    } else {
      console.log(result);
    }
  });
});

Contributing

See CONTRIBUTING.

License

This library is licensed under Apache 2.0. Full license text is available in COPYING.