How do I access an API hosted behind the google endpoint (ESP) from a Node JS client?. The Node JS client is running in a google compute Engine. I am trying to use Google ID token as mentioned in the below URL, but couldn't find a sample code for the same.
https://cloud.google.com/endpoints/docs/openapi/service-account-authentication#using_a_google_id_token
Google has an official nodejs authentication library here:
https://github.com/google/google-auth-library-nodejs
If you're looking for code samples for how to authenticate to a remote service using a Google Web Token, there are several complete examples for different environments in that repository's README file, including an example for running in GCP:
https://github.com/google/google-auth-library-nodejs#json-web-tokens
Related
I am researching the feasibility of porting an existing Vue 2 app to be an Azure Static Web App (SWA). A requirement is the ability to run the Vue app locally and authenticate against our Auth0 tenant to retrieve a access/bearer token to send along with our HTTP requests.
It appears that a SWA can utilize custom authentication (Auth0), and I was able to complete that successfully by following this article. However, I'm not seeing any information around capturing the access token. There is an /.auth/me/ endpoint which has user information, but that does not contain the access token:
I also looked into the Azure Static Web App Emulator which allows for defining an identity profile when running locally, but I'm not seeing a way to specify an access token here either.
Is it possible at the moment with a SWA to obtain an access token using a custom auth provider when running locally and when published live?
Managed Authentication in Azure is really only useful for fairly simple use cases. I think you're going to want to implement your security directly inside your Vue application.
https://auth0.com/docs/quickstart/spa/vuejs/01-login
You mentioned needing an access token but didn't say where it comes from or what you're doing with it. Are you trying to call an Auth0-secured API?
https://auth0.com/docs/quickstart/spa/vuejs/02-calling-an-api
The context:
I'm trying to develop a desktop app with ElectronJS which needs access to Google APIs. As such, I want my users to be able to connect to their Google account via OAuth2.
As I use Electron, I have no safe way to store a "client-secret" and must use the "mobile app" method.
The problem:
Google keeps rejecting my redirect_uri:
The doc I followed:
The official npm "google-auth-library" package mentions the following regarding OAuth authentication for Electron apps ("OAuth2 with Installed Apps (Electron)" section) :
If you're authenticating with OAuth2 from an installed application (like Electron), you may not want to embed your client_secret inside of the application sources. To work around this restriction, you can choose the iOS application type when creating your OAuth2 credentials in the Google Developers console
As doing so gave me the previously mentionned Error 400, I looked into Google Identity documentation and saw this regarding localhost redirection:
Note that support for the loopback IP address redirect option on mobile apps is DEPRECATED.
My question:
At this point, I suspect that this is the reason Google is responding Error 400 to my requests (but I admit it could be my fault. I just don't understand what I do wrong as I feel like I follow the documentation strictly.)
If so, what are the possible ways to solve the issue ? Knowing that I have strictly 0 budget for this project and so I cannot afford to redirect to a domain I would buy or afford a server acting as proxy between my app and Google APIs.
(The code, if useful)
I use the "complete OAuth2 example" from google-auth-library except I changed the OAuth2Client constructor call to this, following the doc's recommandations:
const oAuth2Client = new OAuth2Client({
clientId: "<the clientID of my project from Google API Console>",
redirectUri: "http://127.0.0.1:3000"
})
In despair, I've tried a whole lot of different URL formats, but nothing works.
Thanks in advance for your help.
OAUTH BEHAVIOUR
An OpenID Connect desktop app uses PKCE without a client secret. According to RFC8252 it then receives the login response on either a loopback URL or via a private URI scheme notification.
The loopback option is fine for a desktop app but should not be used for a mobile app. Conversely, claimed HTTPS redirect URLs work for mobile apps but not desktop apps.
TROUBLESHOOTING YOUR PROBLEM
It is not clear whether your problem is caused by using a loopback URL or something else. To troubleshoot, you can use a couple of demo Electron apps of mine:
Loopback example
Private URI Scheme example
In both cases, edit the desktop.config.json file in the root folder. Replace my AWS Cognito values with your Google values. Then run npm start. See if that gets you any further, and post any follow up questions.
I'm trying to create a micro-service on Node to send requests on the Google Compute API via POST (for example here). This micro-service will be hosted on a App Engine application.
If I understand the documentation, I need to generate a JWT token before (with the google-auth-library) and send that token with the request.
I set up the env variable GOOGLE_APPLICATION_CREDENTIALS with the JSON file path of the Service Account used by the App Engine application on my debugger (to get the same authorization on my dev env).
But I can't reproduce the sample hosted on Github gave by the Google Documentation. I get error UnhandledPromiseRejectionWarning: ReferenceError: require is not defined because I'm using Node14 with "type": "module" on the package.json.
I searched but I found no solution on this. Do you have some hint ? Maybe I need to use a different code to generate JWT token or to authentificate these POST requests ?
Thank you
I need to call API's created using google cloud endpoint framework from my node.js applications. How I will be able to complete auth process and call the above APIs? Is it possible from node.js application to access the API's?
According to the official documentation, Cloud Endpoints Framework is a web framework for the App Engine standard (only) Python 2.7 and Java 8 runtime environments. It doesn’t support Node.js (nor PHP, Go) runtime environments.
=========================================================================
EDIT:
The answer to your initial question (“Is it possible from node.js application to access the API's”) is yes.
Your client application does not need to be in Python or Java, it can be on any language such as Node.js.
Regarding authentication, for the backend app (GAE), the flow would be the following:
You can authenticate the access to the Endpoints by creating a Service Account on Google Cloud Platform.
In the API Decorator, add the Service Account and public cert link.
In the API Decorator, add the SA as audience also.
Finally, on your Node.js application (client side), request Authentication by requesting the JWT token:
1.Create a JWT with the same audience set before on the API Decorator and sign it with the service account's private key.
2.Send the signed JWT in a request to the API.
Below you have some examples of the call request. I didn’t find examples in Node.js, they are in Python, but you can translate them to Node.js since the flow is basically the same:
1.JWT Authentication request GCP official documentation.
2.Accessing an API requiring Authentication (Python Client)
3.Github Google-Client-JWT Sample.
How can I authenticate my api access to insert new events to my google calendar without OAuth? I'm writing a node script without any front end/website and everywhere seems to recommend using OAuth with a redirect to your website...
The best solution I have come up with is write a secondary application purely to listen for that redirect and save the auth code returned.
Any suggestions would be greatly appreciated!
I think it was designed that OAuth be used to handle authentication and authorization when you're using Google APIs. You can read that from the Using OAuth 2.0 to Access Google APIs.
Google APIs use the OAuth 2.0 protocol for authentication and
authorization. Google supports common OAuth 2.0 scenarios such as
those for web server, installed, and client-side applications.
If you're using NodeJS for Calendar API, you can try the Node.js Quickstart. You'll be needing the following:
Node.js installed.
The npm package management tool (comes with Node.js).
Access to the internet and a web browser.
A Google account with Google Calendar enabled.