Class: Google::APIClient::JWTAsserter Deprecated

Inherits:

Object

• Object
• Google::APIClient::JWTAsserter

Defined in:

lib/google/api_client/auth/jwt_asserter.rb

Overview

Deprecated.

Service accounts are now supported directly in Signet

Generates access tokens using the JWT assertion profile. Requires a service account & access to the private key.

Examples:

Using Signet

key = Google::APIClient::KeyUtils.load_from_pkcs12('client.p12', 'notasecret')
client.authorization = Signet::OAuth2::Client.new(
  :token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
  :audience => 'https://accounts.google.com/o/oauth2/token',
  :scope => 'https://www.googleapis.com/auth/prediction',
  :issuer => '123456-abcdef@developer.gserviceaccount.com',
  :signing_key => key)
client.authorization.fetch_access_token!
client.execute(...)

See Also:

• https://developers.google.com/accounts/docs/OAuth2ServiceAccount

Instance Attribute Summary

• #algorithm ⇒ String

  Algorithm used for signing.

• #expiry ⇒ Fixnum

  How long, in seconds, the assertion is valid for.

• #issuer ⇒ String

  ID/email of the issuing party.

• #key ⇒ String, OpenSSL::PKey writeonly

  Key for signing assertions.

• #scope ⇒ String

  Scopes to authorize.

• #skew ⇒ Fixnum

  Seconds to expand the issued at/expiry window to account for clock skew.

Instance Method Summary

• #authorize(person = nil, options = {}) ⇒ Signet::OAuth2::Client

  Request a new access token.

• #initialize(issuer, scope, key, algorithm = "RS256") ⇒ JWTAsserter constructor

  Initializes the asserter for a service account.

• #to_authorization(person = nil) ⇒ Signet::OAuth2::Client

  Builds a Signet OAuth2 client.

Constructor Details

#initialize(issuer, scope, key, algorithm = "RS256") ⇒ JWTAsserter

Initializes the asserter for a service account.

Parameters:

• issuer (String) —

  Name/ID of the client issuing the assertion

• scope (String, Array) —

  Scopes to authorize. May be a space delimited string or array of strings

• key (String, OpenSSL::PKey) —

  Key for signing assertions

• algorithm (String) (defaults to: "RS256") —

  Algorithm to use, either ‘RS256’ for RSA with SHA-256 or ‘HS256’ for HMAC with SHA-256

# File 'lib/google/api_client/auth/jwt_asserter.rb', line 66

def initialize(issuer, scope, key, algorithm = "RS256")
  self.issuer = issuer
  self.scope = scope
  self.expiry = 60 # 1 min default 
  self.skew = 60      
  self.key = key
  self.algorithm = algorithm
end

Instance Attribute Details

#algorithm ⇒ String

Returns Algorithm used for signing.

Returns:

• (String) —

  Algorithm used for signing

# File 'lib/google/api_client/auth/jwt_asserter.rb', line 52

def algorithm
  @algorithm
end

#expiry ⇒ Fixnum

Returns How long, in seconds, the assertion is valid for.

Returns:

• (Fixnum) —

  How long, in seconds, the assertion is valid for

# File 'lib/google/api_client/auth/jwt_asserter.rb', line 44

def expiry
  @expiry
end

#issuer ⇒ String

Returns ID/email of the issuing party.

Returns:

• (String) —

  ID/email of the issuing party

# File 'lib/google/api_client/auth/jwt_asserter.rb', line 42

def issuer
  @issuer
end

#key=(value) ⇒ String, OpenSSL::PKey (writeonly)

Returns key for signing assertions.

Returns:

• (String, OpenSSL::PKey) —

  key for signing assertions

# File 'lib/google/api_client/auth/jwt_asserter.rb', line 50

def key=(value)
  @key = value
end

#scope ⇒ String

Returns Scopes to authorize.

Returns:

• (String) —

  Scopes to authorize

# File 'lib/google/api_client/auth/jwt_asserter.rb', line 48

def scope
  @scope
end

#skew ⇒ Fixnum

Returns Seconds to expand the issued at/expiry window to account for clock skew.

Returns:

• (Fixnum) —

  Seconds to expand the issued at/expiry window to account for clock skew

# File 'lib/google/api_client/auth/jwt_asserter.rb', line 46

def skew
  @skew
end

Instance Method Details

#authorize(person = nil, options = {}) ⇒ Signet::OAuth2::Client

Request a new access token.

Parameters:

• person (String) (defaults to: nil) —

  Email address of a user, if requesting a token to act on their behalf

• options (Hash) (defaults to: {}) —

  Pass through to Signet::OAuth2::Client.fetch_access_token

Returns:

• (Signet::OAuth2::Client) —

  Access token

See Also:

• Signet::OAuth2::Client.fetch_access_token!

# File 'lib/google/api_client/auth/jwt_asserter.rb', line 103

def authorize(person = nil, options={})
  authorization = self.to_authorization(person)
  authorization.fetch_access_token!(options)
  return authorization
end

#to_authorization(person = nil) ⇒ Signet::OAuth2::Client

Builds a Signet OAuth2 client

Returns:

• (Signet::OAuth2::Client) —

  Access token

# File 'lib/google/api_client/auth/jwt_asserter.rb', line 113

def to_authorization(person = nil)
  return Signet::OAuth2::Client.new(
    :token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
    :audience => 'https://accounts.google.com/o/oauth2/token',
    :scope => self.scope,
    :issuer => @issuer,
    :signing_key => @key,
    :signing_algorithm => @algorithm,
    :person => person
  )
end