Mojo-JWT-Google
view release on metacpan or search on metacpan
lib/Mojo/JWT/Google.pm view on Meta::CPAN
}
sub as_form_data {
my ($self) = @_;
return {
grant_type => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
assertion => $self->encode
}
}
1;
=head1 NAME
Mojo::JWT::Google - Service Account tokens
=head1 VERSION
version 0.15
=head1 SYNOPSIS
my $gjwt = Mojo::JWT::Google->new(secret => 's3cr3t',
scopes => [ '/my/scope/a', '/my/scope/b' ],
client_email => 'riche@cpan.org')->encode;
# authenticating for apis as a service account
my $gjwt = Mojo::JWT::Google->new(
from_json => '/my/secret/project-b98ale897.json',
scopes => 'https://www.googleapis.com/auth/gmail.send',
user_as => 'some-email@your-org.com'); # if you have domain-wide delegation
my $ua = Mojo::UserAgent->new;
my $tx = $ua->post('https://www.googleapis.com/oauth2/v4/token', form => $gjwt->as_form_data);
$tx->res->json('/access_token') # will contain your access token
# authenticating to use the Identity Aware Proxy
my $gjwt = Mojo::JWT::Google->new(
from_json => '/my/secret/project-b98ale897.json',
audience => 'the-client-id-from-your-IAP');
my $ua = Mojo::UserAgent->new;
my $tx = $ua->post('https://www.googleapis.com/oauth2/v4/token', form => $gjwt->as_form_data);
$tx->res->json('/id_token') # will contain your id token
=head1 DESCRIPTION
Like L<Mojo::JWT>, you can instantiate this class by using the same syntax,
except that this class constructs the claims for you.
my $jwt = Mojo::JWT::Google->new(secret => 's3cr3t')->encode;
And add any attribute defined in this class. The JWT is fairly useless unless
you define your scopes.
my $gjwt = Mojo::JWT::Google->new(secret => 's3cr3t',
scopes => [ '/my/scope/a', '/my/scope/b' ],
client_email => 'riche@cpan.org')->encode;
You can also get your information automatically from the .json you received
from Google. Your secret key is in that file, so it's best to keep it safe
somewhere. This will ease some busy work in configuring the object -- with
virtually the only things to do is determine the scopes and the user_as if you
need to impersonate.
my $gjwt = Mojo::JWT::Google
->new( from_json => '/my/secret.json',
scopes => [ '/my/scope/a', '/my/scope/b' ])->encode;
To authenticate, send a post request to https://www.googleapis.com/oauth2/v4/token,
with your Mojo::JWT::Google's as_form_data method as the payload.
$ua->post('https://www.googleapis.com/oauth2/v4/token', form => $gjwt->as_form_data);
=cut
=head1 ATTRIBUTES
L<Mojo::JWT::Google> inherits all attributes from L<Mojo::JWT> and defines the
following new ones.
=head2 claims
Overrides the parent class and constructs a hashref representing Google's
required attribution.
=head2 client_email
Get or set the Client ID email address.
=head2 expires_in
Defines the threshold for when the token expires. Defaults to 3600.
=head2 issue_at
Defines the time of issuance in epoch seconds. If not defined, the claims issue
at date defaults to the time when it is being encoded.
=head2 scopes
Get or set the Google scopes. If impersonating, these scopes must be set up by
your Google Business Administrator.
=head2 target
Get or set the target. At the time of writing, there is only one valid target:
https://www.googleapis.com/oauth2/v4/token. This is the default value; if you
have no need to customize this, then just fetch the default.
=head2 user_as
Set the Google user to impersonate. Your Google Business Administrator must
have already set up your Client ID as a trusted app in order to use this
successfully.
=cut
=head1 METHODS
( run in 2.182 seconds using v1.01-cache-2.11-cpan-0bb4e1dffa6 )