Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

google-auth-wrapper

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

google-auth-wrapper

Wrapper to simplify interaction with google oauth apis

  • 0.5.0
  • latest
  • Source
  • npm
  • Socket score
Version published
Maintainers
1
Created
Source

google-auth-wrapper

Wrapper to simplify google authentication for server side application.

It provides the following methods:

  • authorize
  • execute

Together these will allow your application to create the required artifacts to be able to interact with the google apis.

As a pre-req you need to need to add set of credentials for your application in the Google developers console as outlined here (Step 1): [https://developers.google.com/drive/v3/web/quickstart/nodejs] (https://developers.google.com/drive/v3/web/quickstart/nodejs)

authorize

authorize handles the interaction with the google oauth infrastructure and provides a plugable inteface for providing your own interaction to ask the user to navigate to the required url and to provide the code returned.

The authorize method takes the following parameters:

  • storagePath - directory in which client secrets are located and where refresh token will be stored once authorization is complete
  • clientSecrets - the name of the file which contains the google client secrets minus the '.json' file type
  • scopes - the rights you are requesting for your application
  • authCallback - your function that will be called to ask the user to naviate to a google url, authorize your application and then provide the code from that url.

authCallback has the following signature:

function(url, provideCode)

with the following parameters:

  • the url to ask the user to navigate to
  • provideCode a function you must call passing in the code that the user gets when they authorize your application at the url provided.

Once authenticated, there will be a file with the same name as your clientSecrets file but with the '.token' file type. For example, if clientSecrets was 'foo' you should end up with:

  • foo.json
  • foo.token

It should be possible to copy these files and use them with different machines and or directories.

execute

The execute function uses the contents of the files generated by the authorize call. It has the following paramters:

  • storagePath - directory in which client secrets are located and where refresh token will be stored once authorization is complete
  • clientSecrets - the name of the file which contains the google client secrets minus the '.json' file type
  • executeAction - your function that will be called

executeAction must be a function with the following paramters:

  • oauthClient - googleAuth.OAuth2 object you can use to access the google services
  • google - instance of googleapis you can use to access the google services

Examples:

list files in your drive

var googleAuth = require('google-auth-wrapper');

function listMyFiles(auth, google) {
  var service = google.drive('v3'); 
  service.files.list({
      auth: auth,
      pageSize: 20,
      space: 'drive',
    },
    function(err, response) { 
      for (var j = 0; j < response.files.length; j++) {
        console.log(response.files[j].name); 
      }
    }
  );
} 
  
googleAuth.execute('./', 'client_secret', listMyFiles);

authorize your application to generate token file

Although it is intended that you can use the plugable aspect of authorize to integrate the authorization step into your app (using GUI or otherwise) you can also do it through simple command line app as follows:

var googleAuth = require('google-auth-wrapper');
var readline = require('readline');

googleAuth.authorize('./',
                     'client_secret',
                     ['https://www.googleapis.com/auth/drive'],
                     function(url, provideCode) {

  console.log('Please vist this url, authorize the app and return the code provided', url);
  var read = readline.createInterface({
    input: process.stdin,
    output: process.stdout
  });

  read.question('What was the code:?', function(code) {
    read.close();
    provideCode(code, function(err) {
      if (err !== undefined) console.log('err:' + err);
    });
  });
});

In this example the scopes are set so that you have full read/write to your google drive:

['https://www.googleapis.com/auth/drive'],

adjust this to request the level of access required.

For this example you will to have to have stored your credentials from google in the file 'client_secret.json' and the refresh token created by the authorize call will have been stored in 'client_secret.token'. NOTE make sure to protect these two files appropriately as they give full access to whatever access level you have requested.

Keywords

FAQs

Package last updated on 10 May 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, and RubyGems for Data Exfiltration and Recon

Security News

Research

Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, and RubyGems for Data Exfiltration and Recon

Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.

By Kirill Boychenko  -  Jan 03, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc