NAME
Mojo::JWT::Google - Service Account tokens
VERSION
version 0.14
SYNOPSIS
my $gjwt = Mojo::JWT::Google->new(secret => 's3cr3t',
scopes => [ '/my/scope/a', '/my/scope/b' ],
client_email => 'riche@cpan.org')->encode;
# authenticating for apis as a service account
my $gjwt = Mojo::JWT::Google->new(
from_json => '/my/secret/project-b98ale897.json',
scopes => 'https://www.googleapis.com/auth/gmail.send',
user_as => 'some-email@your-org.com'); # if you have domain-wide delegation
my $ua = Mojo::UserAgent->new;
my $tx = $ua->post('https://www.googleapis.com/oauth2/v4/token', form => $gjwt->as_form_data);
$tx->res->json('/access_token') # will contain your access token
# authenticating to use the Identity Aware Proxy
my $gjwt = Mojo::JWT::Google->new(
from_json => '/my/secret/project-b98ale897.json',
audience => 'the-client-id-from-your-IAP');
my $ua = Mojo::UserAgent->new;
my $tx = $ua->post('https://www.googleapis.com/oauth2/v4/token', form => $gjwt->as_form_data);
$tx->res->json('/id_token') # will contain your id token
DESCRIPTION
Like Mojo::JWT, you can instantiate this class by using the same syntax,
except that this class constructs the claims for you.
my $jwt = Mojo::JWT::Google->new(secret => 's3cr3t')->encode;
And add any attribute defined in this class. The JWT is fairly useless
unless you define your scopes.
my $gjwt = Mojo::JWT::Google->new(secret => 's3cr3t',
scopes => [ '/my/scope/a', '/my/scope/b' ],
client_email => 'riche@cpan.org')->encode;
You can also get your information automatically from the .json you
received from Google. Your secret key is in that file, so it's best to
keep it safe somewhere. This will ease some busy work in configuring the
object -- with virtually the only things to do is determine the scopes
and the user_as if you need to impersonate.
my $gjwt = Mojo::JWT::Google
->new( from_json => '/my/secret.json',
scopes => [ '/my/scope/a', '/my/scope/b' ])->encode;
To authenticate, send a post request to
https://www.googleapis.com/oauth2/v4/token, your Mojo::JWT::Google's
as_form_data method.
$ua->post('https://www.googleapis.com/oauth2/v4/token', form => $gjwt->as_form_data);
ATTRIBUTES
Mojo::JWT::Google inherits all attributes from Mojo::JWT and defines the
following new ones.
claims
Overrides the parent class and constructs a hashref representing
Google's required attribution.
client_email
Get or set the Client ID email address.
expires_in
Defines the threshold for when the token expires. Defaults to 3600.
issue_at
Defines the time of issuance in epoch seconds. If not defined, the
claims issue at date defaults to the time when it is being encoded.
scopes
Get or set the Google scopes. If impersonating, these scopes must be set
up by your Google Business Administrator.
target
Get or set the target. At the time of writing, there is only one valid
target: https://www.googleapis.com/oauth2/v4/token. This is the default
value; if you have no need to customize this, then just fetch the
default.
user_as
Set the Google user to impersonate. Your Google Business Administrator
must have already set up your Client ID as a trusted app in order to use
this successfully.
METHODS
Inherits all methods from Mojo::JWT and defines the following new ones.
from_json
Loads the JSON file from Google with the client ID information in it and
sets the respective attributes.
Dies on failure: file not found or value not defined
$gjwt->from_json('/my/google/app/project/sa/json/file');
SEE ALSO
Mojo::JWT
SOURCE REPOSITORY
<http://github.com/rabbiveesh/Mojo-JWT-Google>
AUTHOR
Richard Elberger, <riche@cpan.org>
CONTRIBUTORS
Scott Wiersdorf, <scott@perlcode.org> Avishai Goldman, <veesh@cpan.org>
COPYRIGHT AND LICENSE
Copyright (C) 2015 by Richard Elberger
This library is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.