feat(auth): use gtoken from internal class instead of dependency (#815)

Author: miguelvelezsa

packages/google-auth-library-nodejs/package.json

@@ -26,7 +26,6 @@
     "gaxios": "7.1.3",
     "gcp-metadata": "8.1.2",
     "google-logging-utils": "1.1.3",
-    "gtoken": "^8.0.0",
     "jws": "^4.0.0"
   },
   "devDependencies": {

packages/google-auth-library-nodejs/src/auth/jwtclient.ts

@@ -12,7 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import {GoogleToken} from 'gtoken';
+import {GoogleToken} from '../gtoken/googleToken';
+import {getCredentials} from '../gtoken/getCredentials';
 import * as stream from 'stream';
 
 import {CredentialBody, Credentials, JWTInput} from './credentials';
@@ -257,8 +258,8 @@ export class JWT extends OAuth2Client implements IdTokenProvider {
     }
     this.credentials = result.tokens;
     this.credentials.refresh_token = 'jwt-placeholder';
-    this.key = this.gtoken!.key;
-    this.email = this.gtoken!.iss;
+    this.key = this.gtoken!.googleTokenOptions?.key;
+    this.email = this.gtoken!.googleTokenOptions?.iss;
     return result.tokens;
   }
 
@@ -402,7 +403,7 @@ export class JWT extends OAuth2Client implements IdTokenProvider {
       return {private_key: this.key, client_email: this.email};
     } else if (this.keyFile) {
       const gtoken = this.createGToken();
-      const creds = await gtoken.getCredentials(this.keyFile);
+      const creds = await getCredentials(this.keyFile);
       return {private_key: creds.privateKey, client_email: creds.clientEmail};
     }
     throw new Error('A key or a keyFile must be provided to getCredentials.');

packages/google-auth-library-nodejs/src/index.ts

@@ -92,6 +92,7 @@ export {
   ExternalAccountAuthorizedUserClientOptions,
 } from './auth/externalAccountAuthorizedUserClient';
 export {PassThroughClient} from './auth/passthrough';
+export * from './gtoken/googleToken';
 
 type ALL_EXPORTS = (typeof import('./'))[keyof typeof import('./')];
 

packages/google-auth-library-nodejs/test/test.googleauth.ts

@@ -2936,7 +2936,10 @@ describe('googleauth', () => {
       'Bearer initial-access-token',
     );
     scope.done();
-    assert.strictEqual('http://foo', (jwt as JWT).gtoken!.scope);
+    assert.strictEqual(
+      'http://foo',
+      (jwt as JWT).gtoken!.googleTokenOptions.scope,
+    );
   });
 
   // Allows a client to be instantiated from a certificate,
@@ -2958,7 +2961,10 @@ describe('googleauth', () => {
       'Bearer initial-access-token',
     );
     scope.done();
-    assert.strictEqual('http://foo', (jwt as JWT).gtoken!.scope);
+    assert.strictEqual(
+      'http://foo',
+      (jwt as JWT).gtoken!.googleTokenOptions.scope,
+    );
   });
 
   // Allows a client to be instantiated from a certificate,
@@ -2980,6 +2986,9 @@ describe('googleauth', () => {
       'Bearer initial-access-token',
     );
     scope.done();
-    assert.strictEqual('http://foo', (jwt as JWT).gtoken!.scope);
+    assert.strictEqual(
+      'http://foo',
+      (jwt as JWT).gtoken!.googleTokenOptions.scope,
+    );
   });
 });

packages/google-auth-library-nodejs/test/test.impersonated.ts

@@ -27,7 +27,28 @@ nock.disableNetConnect();
 const url = 'http://example.com';
 
 function createGTokenMock(body: CredentialRequest) {
-  return nock('https://oauth2.googleapis.com').post('/token').reply(200, body);
+  return nock('https://oauth2.googleapis.com')
+    .post(
+      '/token',
+      (newBody: string) => {
+        const url = new URLSearchParams(newBody);
+        const grantType = url.get('grant_type');
+        const assertion = url.get('assertion');
+        return (
+          grantType === 'urn:ietf:params:oauth:grant-type:jwt-bearer' &&
+          !!assertion
+        );
+      },
+      {
+        reqheaders: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+      },
+    )
+    .reply(200, {
+      access_token: body.access_token,
+      expires_in: 3600,
+    });
 }
 
 function createSampleJWTClient() {

packages/google-auth-library-nodejs/test/test.index.ts

@@ -35,9 +35,27 @@ describe('index', () => {
     assert(gal.AwsClient);
     assert(gal.BaseExternalAccountClient);
     assert(gal.DownscopedClient);
+    assert(gal.GoogleToken);
     assert(gal.Impersonated);
 
     assert(gal.gaxios);
     assert(gal.gcpMetadata);
   });
+
+  it('should export GoogleToken types', () => {
+    const tokenOptions: gal.TokenOptions = {
+      key: 'key',
+    };
+    assert.ok(tokenOptions);
+
+    const tokenData: gal.TokenData = {
+      access_token: 'token',
+    };
+    assert.ok(tokenData);
+
+    const transporter: gal.Transporter = {
+      request: async () => ({}) as any,
+    };
+    assert.ok(transporter);
+  });
 });

packages/google-auth-library-nodejs/test/test.jwt.ts

@@ -94,13 +94,19 @@ describe('jwt', () => {
       scope.done();
       assert.strictEqual(err, null);
       assert.notStrictEqual(creds, null);
-      assert.strictEqual('foo@serviceaccount.com', jwt.gtoken!.iss);
-      assert.strictEqual(PEM_PATH, jwt.gtoken!.keyFile);
+      assert.strictEqual(
+        'foo@serviceaccount.com',
+        jwt.gtoken!.googleTokenOptions.iss,
+      );
+      assert.strictEqual(PEM_PATH, jwt.gtoken!.googleTokenOptions.keyFile);
       assert.strictEqual(
         ['http://bar', 'http://foo'].join(' '),
-        jwt.gtoken!.scope,
+        jwt.gtoken!.googleTokenOptions.scope,
+      );
+      assert.strictEqual(
+        'bar@subjectaccount.com',
+        jwt.gtoken!.googleTokenOptions.sub,
       );
-      assert.strictEqual('bar@subjectaccount.com', jwt.gtoken!.sub);
       assert.strictEqual('initial-access-token', jwt.credentials.access_token);
       assert.strictEqual(creds!.access_token, jwt.credentials.access_token);
       assert.strictEqual(creds!.refresh_token, jwt.credentials.refresh_token);
@@ -123,7 +129,7 @@ describe('jwt', () => {
 
     jwt.authorize(() => {
       scope.done();
-      assert.strictEqual('http://foo', jwt.gtoken!.scope);
+      assert.strictEqual('http://foo', jwt.gtoken!.googleTokenOptions.scope);
       done();
     });
   });