NAME
Mojo::JWT::Google - Service Account tokens
VERSION
version 0.15
SYNOPSIS
my $gjwt = Mojo::JWT::Google->new(secret => 's3cr3t',
scopes => [ '/my/scope/a', '/my/scope/b' ],
client_email => 'riche@cpan.org')->encode;
# authenticating for apis as a service account
my $gjwt = Mojo::JWT::Google->new(
from_json => '/my/secret/project-b98ale897.json',
scopes => 'https://www.googleapis.com/auth/gmail.send',
user_as => 'some-email@your-org.com'); # if you have domain-wide delegation
my $ua = Mojo::UserAgent->new;
my $tx = $ua->post('https://www.googleapis.com/oauth2/v4/token', form => $gjwt->as_form_data);
$tx->res->json('/access_token') # will contain your access token
# authenticating to use the Identity Aware Proxy
my $gjwt = Mojo::JWT::Google->new(
from_json => '/my/secret/project-b98ale897.json',
audience => 'the-client-id-from-your-IAP');
my $ua = Mojo::UserAgent->new;
my $tx = $ua->post('https://www.googleapis.com/oauth2/v4/token', form => $gjwt->as_form_data);
$tx->res->json('/id_token') # will contain your id token
DESCRIPTION
Like Mojo::JWT, you can instantiate this class by using the same syntax, except that this class constructs the claims for you.
my $jwt = Mojo::JWT::Google->new(secret => 's3cr3t')->encode;
And add any attribute defined in this class. The JWT is fairly useless unless you define your scopes.
my $gjwt = Mojo::JWT::Google->new(secret => 's3cr3t',
scopes => [ '/my/scope/a', '/my/scope/b' ],
client_email => 'riche@cpan.org')->encode;
You can also get your information automatically from the .json you received from Google. Your secret key is in that file, so it's best to keep it safe somewhere. This will ease some busy work in configuring the object -- with virtually the only things to do is determine the scopes and the user_as if you need to impersonate.
my $gjwt = Mojo::JWT::Google
->new( from_json => '/my/secret.json',
scopes => [ '/my/scope/a', '/my/scope/b' ])->encode;
To authenticate, send a post request to https://www.googleapis.com/oauth2/v4/token, with your Mojo::JWT::Google's as_form_data method as the payload.
$ua->post('https://www.googleapis.com/oauth2/v4/token', form => $gjwt->as_form_data);
ATTRIBUTES
Mojo::JWT::Google inherits all attributes from Mojo::JWT and defines the following new ones.
claims
Overrides the parent class and constructs a hashref representing Google's required attribution.
client_email
Get or set the Client ID email address.
expires_in
Defines the threshold for when the token expires. Defaults to 3600.
issue_at
Defines the time of issuance in epoch seconds. If not defined, the claims issue at date defaults to the time when it is being encoded.
scopes
Get or set the Google scopes. If impersonating, these scopes must be set up by your Google Business Administrator.
target
Get or set the target. At the time of writing, there is only one valid target: https://www.googleapis.com/oauth2/v4/token. This is the default value; if you have no need to customize this, then just fetch the default.
user_as
Set the Google user to impersonate. Your Google Business Administrator must have already set up your Client ID as a trusted app in order to use this successfully.
METHODS
Inherits all methods from Mojo::JWT and defines the following new ones.
from_json
Loads the JSON file from Google with the client ID information in it and sets the respective attributes.
Dies on failure: file not found or value not defined
$gjwt->from_json('/my/google/app/project/sa/json/file');
SEE ALSO
SOURCE REPOSITORY
http://github.com/rabbiveesh/Mojo-JWT-Google
AUTHOR
Richard Elberger, <riche@cpan.org>
CONTRIBUTORS
Scott Wiersdorf, <scott@perlcode.org> Avishai Goldman, <veesh@cpan.org>
COPYRIGHT AND LICENSE
Copyright (C) 2015 by Richard Elberger
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.