Swift
Swift
Add Custom Claims to JWT for Google Service Account OAuth2
Demonstrates how add custom claims to the JWT when getting a Google API OAuth2 access token using a JSON service account private key.Chilkat Swift Downloads
func chilkatTest() {
var success: Bool = false
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// First load the JSON key into a string.
let fac = CkoFileAccess()!
var jsonKey: String? = fac.readEntireTextFile(path: "qa_data/googleApi/ChilkatTest-ab2ecd52ef98.json", charset: "utf-8")
if fac.lastMethodSuccess != true {
print("\(fac.lastErrorText!)")
return
}
// A JSON private key should look like this:
// {
// "type": "service_account",
// "project_id": "chilkattest-1350",
// "private_key_id": "fa2e36ee26986eab628b59868af8bec1d1c64c38",
// "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIjFa...28N64N2n1E4FYzBZjSdy\n-----END PRIVATE KEY-----\n",
// "client_email": "598922945226-00rb0ppfg0sndajo6bhvd4v17jtj2d3a@developer.gserviceaccount.com",
// "client_id": "598922945226-00rb0ppfg0snd9jo7bhvd4v17jtj2d3a.apps.googleusercontent.com",
// "auth_uri": "https://accounts.google.com/o/oauth2/auth",
// "token_uri": "https://accounts.google.com/o/oauth2/token",
// "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
// "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/598922945226-00rb0ppfg0sndajo6bhvd4v17jtj2d3a%40developer.gserviceaccount.com"
// }
let gAuth = CkoAuthGoogle()!
gAuth.jsonKey = jsonKey
// Choose a scope.
gAuth.scope = "https://www.googleapis.com/auth/cloud-platform"
// Request an access token that is valid for this many seconds.
gAuth.expireNumSeconds = 3600
// If the application is requesting delegated access:
// The email address of the user for which the application is requesting delegated access,
// then set the email address here. (Otherwise leave it empty.)
gAuth.subEmailAddress = ""
// --------------------------------------------------------------------------------------
// To add custom claims, create JSON containing the claims to be added and call AddClaims.
let moreClaims = CkoJsonObject()!
moreClaims.updateString(jsonPath: "claimAbc", value: "valueAbc")
moreClaims.updateString(jsonPath: "claimXyz", value: "valueXyz")
// ...
gAuth.addClaims(json: moreClaims)
// --------------------------------------------------------------------------------------
// Connect to www.googleapis.com using TLS (TLS 1.2 is the default.)
// The Chilkat socket object is used so that the connection can be established
// through proxies or an SSH tunnel if desired.
let tlsSock = CkoSocket()!
success = tlsSock.connect(hostname: "www.googleapis.com", port: 443, ssl: true, maxWaitMs: 5000)
if success != true {
print("\(tlsSock.lastErrorText!)")
return
}
// Send the request to obtain the access token.
success = gAuth.obtainAccessToken(connection: tlsSock)
if success != true {
print("\(gAuth.lastErrorText!)")
return
}
// Examine the access token:
print("Access Token: \(gAuth.accessToken!)")
}