|
1 | 1 |
|
2 | 2 |
|
3 | 3 |
|
4 | | - async function generate(keyfile){ |
| 4 | + async function generate(keyfile,scope){ |
5 | 5 |
|
6 | 6 |
|
7 | 7 |
|
8 | 8 | var clientEmail = keyfile.client_email; |
9 | 9 | var privateKeyPem = keyfile.private_key.replace(/\\n/g,'\n'); |
10 | | - var scope = 'https://www.googleapis.com/auth/devstorage.read_write'; |
11 | 10 |
|
12 | 11 | var assertion = await buildJwtAssertion({clientEmail,privateKeyPem,scope}); |
13 | 12 | var json = await exchangeForAccessToken(assertion); |
|
83 | 82 | }//sign |
84 | 83 |
|
85 | 84 |
|
86 | | - async function buildJwtAssertion({clientEmail,privateKeyPem,scope,aud='https://oauth2.googleapis.com/token'}){ |
| 85 | + async function buildJwtAssertion({clientEmail,privateKeyPem,scope,aud}){ |
87 | 86 |
|
88 | | - var key = await importPkcs8PrivateKey(privateKeyPem); |
89 | | - |
| 87 | + scope = Array.isArray(scope) ? scope.join(' ') : scope; |
| 88 | + aud ||= 'https://oauth2.googleapis.com/token'; |
| 89 | + |
90 | 90 | var now = Math.floor(Date.now()/1000); |
91 | | - var header = {alg:'RS256',typ:'JWT'}; |
92 | | - var payload = { |
93 | | - iss : clientEmail, |
94 | | - scope : Array.isArray(scope) ? scope.join(' ') : scope, |
95 | | - aud : aud, |
96 | | - iat : now, |
97 | | - exp : now+3600, // 1 hour max |
98 | | - }; |
| 91 | + |
| 92 | + var iss = clientEmail; |
| 93 | + var iat = now; |
| 94 | + var exp = now+3600; |
| 95 | + var payload = {iss,scope,aud,iat,exp}; |
99 | 96 |
|
| 97 | + var header = {alg:'RS256',typ:'JWT'}; |
100 | 98 | var encodedHeader = base64url(JSON.stringify(header)); |
101 | 99 | var encodedPayload = base64url(JSON.stringify(payload)); |
102 | 100 | var unsigned = `${encodedHeader}.${encodedPayload}`; |
103 | 101 |
|
| 102 | + var key = await importPkcs8PrivateKey(privateKeyPem); |
104 | 103 | var sig = await signRS256(key,unsigned); |
105 | 104 | var encodedSig = base64url(sig); |
106 | 105 | var str = `${unsigned}.${encodedSig}`; |
|
0 commit comments