(JavaScript) Add Custom Claims to JWT for Google Service Account OAuth2
Demonstrates how to add custom claims to the JWT when getting a Google API OAuth2 access token using a JSON service account private key.
// Obtains a Google API OAuth2 access token from a JSON service account key,
// adding custom claims to the JWT that is sent in the token request.
//
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// Step 1: read the JSON service account key into a string.
// The file contains the service account's private key, so treat it as a secret:
// keep it out of source control and readable only by the account running this code.
const keyPath = "qa_data/googleApi/ChilkatTest-ab2ecd52ef98.json";
const fac = new CkFileAccess();
const jsonKey = fac.ReadEntireTextFile(keyPath, "utf-8");
if (fac.LastMethodSuccess !== true) {
  console.log(fac.LastErrorText);
  return;
}

// A JSON private key has this shape:
// {
//   "type": "service_account",
//   "project_id": "chilkattest-1350",
//   "private_key_id": "fa2e36ee26986eab628b59868af8bec1d1c64c38",
//   "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIjFa...28N64N2n1E4FYzBZjSdy\n-----END PRIVATE KEY-----\n",
//   "client_email": "598922945226-00rb0ppfg0sndajo6bhvd4v17jtj2d3a@developer.gserviceaccount.com",
//   "client_id": "598922945226-00rb0ppfg0snd9jo7bhvd4v17jtj2d3a.apps.googleusercontent.com",
//   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
//   "token_uri": "https://accounts.google.com/o/oauth2/token",
//   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
//   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/598922945226-00rb0ppfg0sndajo6bhvd4v17jtj2d3a%40developer.gserviceaccount.com"
// }

// Step 2: configure the token request.
const gAuth = new CkAuthGoogle();
gAuth.JsonKey = jsonKey;

// The scope decides what the resulting token may do. "cloud-platform" is a very
// broad scope; in real code request the narrowest scope the API call needs.
gAuth.Scope = "https://www.googleapis.com/auth/cloud-platform";

// Lifetime, in seconds, requested for the access token.
gAuth.ExpireNumSeconds = 3600;

// Delegated access: set this to the email address of the user the application
// acts for. Leave it empty when no delegation is wanted, as it is here.
gAuth.SubEmailAddress = "";

// --------------------------------------------------------------------------------------
// Step 3: custom claims. Build a JSON object holding the extra claims and hand it
// to AddClaims. JWT claims are signed but not encrypted, so do not place secrets in them.
const moreClaims = new CkJsonObject();
moreClaims.UpdateString("claimAbc", "valueAbc");
moreClaims.UpdateString("claimXyz", "valueXyz");
// ...
gAuth.AddClaims(moreClaims);
// --------------------------------------------------------------------------------------

// Step 4: connect to www.googleapis.com on port 443 using TLS (TLS 1.2 is the default).
// A Chilkat socket object is used so that the connection can be established
// through proxies or an SSH tunnel if desired.
const tlsSock = new CkSocket();
let success = tlsSock.Connect("www.googleapis.com", 443, true, 5000);
if (success !== true) {
  console.log(tlsSock.LastErrorText);
  return;
}

// Step 5: send the request to obtain the access token over that connection.
success = gAuth.ObtainAccessToken(tlsSock);
if (success !== true) {
  console.log(gAuth.LastErrorText);
  return;
}

// Step 6: examine the access token.
// The token is a bearer credential: whoever holds it can call the API within the
// requested scope until it expires. Printing it is for demonstration only; do not
// write tokens to logs in production code.
console.log(`Access Token: ${gAuth.AccessToken}`);