Security News
CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives Growth
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.
By Sarah Gooding - Jan 09, 2026
node-gtoken
Node.js Google Authentication Service Account Tokens
This is a low level utility library used to interact with Google Authentication services. In most cases, you probably want to use the google-auth-library instead.
Installation
npm install gtoken
Usage
Use with a .pem or .json key file:
const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
keyFile: 'path/to/key.pem', // or path to .json key file
email: 'my_service_account_email@developer.gserviceaccount.com',
scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
eagerRefreshThresholdMillis: 5 * 60 * 1000
});
gtoken.getToken((err, tokens) => {
if (err) {
console.log(err);
return;
}
console.log(tokens);
// {
// access_token: 'very-secret-token',
// expires_in: 3600,
// token_type: 'Bearer'
// }
});
You can also use the async/await style API:
const tokens = await gtoken.getToken()
console.log(tokens);
Or use promises:
gtoken.getToken()
.then(tokens => {
console.log(tokens)
})
.catch(console.error);
Use with a service account .json key file:
const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
keyFile: 'path/to/key.json',
scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
eagerRefreshThresholdMillis: 5 * 60 * 1000
});
gtoken.getToken((err, tokens) => {
if (err) {
console.log(err);
return;
}
console.log(tokens);
});
Pass the private key as a string directly:
const key = '-----BEGIN RSA PRIVATE KEY-----\nXXXXXXXXXXX...';
const { GoogleToken } = require('gtoken');
const gtoken = new GoogleToken({
email: 'my_service_account_email@developer.gserviceaccount.com',
scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
key: key,
eagerRefreshThresholdMillis: 5 * 60 * 1000
});
Options
Various options that can be set when creating initializing the
gtokenobject.
options.email or options.iss: The service account email address.options.scope: An array of scope strings or space-delimited string of scopes.options.sub: The email address of the user requesting delegated access.options.keyFile: The filename of.jsonkey or.pemkey.options.key: The raw RSA private key value, in place of usingoptions.keyFile.options.additionalClaims: Additional claims to include in the JWT when requesting a token.options.eagerRefreshThresholdMillis: How long must a token be valid for in order to return it from the cache. Defaults to 0.
.getToken(callback)
Returns the cached tokens or requests a new one and returns it.
gtoken.getToken((err, token) => {
console.log(err || token);
// gtoken.rawToken value is also set
});
.getCredentials('path/to/key.json')
Given a keyfile, returns the key and (if available) the client email.
const creds = await gtoken.getCredentials('path/to/key.json');
Properties
Various properties set on the gtoken object after call to
.getToken().
gtoken.idToken: The OIDC token returned (if any).gtoken.accessToken: The access token.gtoken.expiresAt: The expiry date as milliseconds since 1970/01/01gtoken.key: The raw key value.gtoken.rawToken: Most recent raw token data received from Google.
.hasExpired()
Returns true if the token has expired, or token does not exist.
const tokens = await gtoken.getToken();
gtoken.hasExpired(); // false
.revokeToken()
Revoke the token if set.
await gtoken.revokeToken();
console.log('Token revoked!');
Downloading your private .json key from Google
- Open the Google Developer Console.
- Open your project and under "APIs & auth", click Credentials.
- Generate a new
.jsonkey and download it into your project.
Converting your .p12 key to a .pem key
If you'd like to convert to a .pem for use later, use OpenSSL if you have it installed.
$ openssl pkcs12 -in key.p12 -nodes -nocerts > key.pem
Don't forget, the passphrase when converting these files is the string 'notasecret'
License
Other packages similar to gtoken
google-auth-library
Similar to gtoken, google-auth-library is a comprehensive library for Google authentication, supporting OAuth2, service accounts, and other authentication methods. It offers more extensive features compared to gtoken, including support for various environments and additional Google authentication flows.
oauth2-client-js
This package provides mechanisms for implementing OAuth2 clients. While it is not specific to Google, it can be used for Google OAuth2 authentication. It is more generic compared to gtoken, which is specifically tailored for Google token management.
FAQs
Node.js Google Authentication Service Account Tokens
The npm package gtoken receives a total of 15,517,980 weekly downloads. As such, gtoken popularity was classified as popular.
We found that gtoken demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 10 Jun 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Insecure Agents Podcast: Certified Patches, Supply Chain Security, and AI Agents
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.
By Sarah Gooding - Jan 08, 2026
Security News
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models
Tailwind Labs laid off 75% of its engineering team after revenue dropped 80%, as LLMs redirect traffic away from documentation where developers discover paid products.
By Sarah Gooding - Jan 08, 2026